taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

secmod CS sign implementation

Browse Source
This commit is contained in:
Gian Demarmels 2022-01-06 16:24:50 +01:00
parent 82405b0ce5
commit 2d70c8c6d0
No known key found for this signature in database
GPG Key ID: 030CEDDCCC92D778
5 changed files with 179 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/include/taler_crypto_lib.h
View File

@ -1784,9 +1784,8 @@ TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh);
* differences in the signature counters. Retrying in this case may work. * differences in the signature counters. Retrying in this case may work.
* *
* @param dh helper process connection * @param dh helper process connection
* @param h_rsa hash of the RSA public key to use to sign * @param h_cs hash of the CS public key to use to sign
* @param msg message to sign * @param blinded_planchet blinded planchet containing c and nonce
* @param msg_size number of bytes in @a msg
* @param[out] ec set to the error code (or #TALER_EC_NONE on success) * @param[out] ec set to the error code (or #TALER_EC_NONE on success)
* @return signature, the value inside the structure will be NULL on failure, * @return signature, the value inside the structure will be NULL on failure,
* see @a ec for details about the failure * see @a ec for details about the failure
@ -1795,8 +1794,7 @@ struct TALER_BlindedDenominationSignature
TALER_CRYPTO_helper_cs_sign ( TALER_CRYPTO_helper_cs_sign (
struct TALER_CRYPTO_CsDenominationHelper *dh, struct TALER_CRYPTO_CsDenominationHelper *dh,
const struct TALER_CsPubHashP *h_cs, const struct TALER_CsPubHashP *h_cs,
const void *msg, const struct TALER_BlindedCsPlanchet *blinded_planchet,
size_t msg_size,
enum TALER_ErrorCode *ec); enum TALER_ErrorCode *ec);

36
src/util/crypto_helper_cs.c
View File

@ -210,16 +210,6 @@ handle_mt_avail (struct TALER_CRYPTO_CsDenominationHelper *dh,
memcpy (&denom_pub.details.cs_public_key, buf, ntohs (kan->pub_size)); memcpy (&denom_pub.details.cs_public_key, buf, ntohs (kan->pub_size));
TALER_cs_pub_hash (&denom_pub.details.cs_public_key, &h_cs); TALER_cs_pub_hash (&denom_pub.details.cs_public_key, &h_cs);
// enom_pub.details.rsa_public_key
// = GNUNET_CRYPTO_rsa_public_key_decode (buf,
// ntohs (kan->pub_size));
// if (NULL == denom_pub.details.rsa_public_key)
// {
// GNUNET_break_op (0);
// return GNUNET_SYSERR;
// }
// GNUNET_CRYPTO_rsa_public_key_hash (denom_pub.details.rsa_public_key,
// &h_cs.hash);
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Received CS key %s (%s)\n", "Received CS key %s (%s)\n",
GNUNET_h2s (&h_cs.hash), GNUNET_h2s (&h_cs.hash),
@ -394,8 +384,7 @@ struct TALER_BlindedDenominationSignature
TALER_CRYPTO_helper_cs_sign ( TALER_CRYPTO_helper_cs_sign (
struct TALER_CRYPTO_CsDenominationHelper *dh, struct TALER_CRYPTO_CsDenominationHelper *dh,
const struct TALER_CsPubHashP *h_cs, const struct TALER_CsPubHashP *h_cs,
const void *msg, const struct TALER_BlindedCsPlanchet *blinded_planchet,
size_t msg_size,
enum TALER_ErrorCode *ec) enum TALER_ErrorCode *ec)
{ {
struct TALER_BlindedDenominationSignature ds = { struct TALER_BlindedDenominationSignature ds = {
@ -416,7 +405,7 @@ TALER_CRYPTO_helper_cs_sign (
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Requesting signature\n"); "Requesting signature\n");
{ {
char buf[sizeof (struct TALER_CRYPTO_CsSignRequest) + msg_size]; char buf[sizeof (struct TALER_CRYPTO_CsSignRequest)];
struct TALER_CRYPTO_CsSignRequest *sr struct TALER_CRYPTO_CsSignRequest *sr
= (struct TALER_CRYPTO_CsSignRequest *) buf; = (struct TALER_CRYPTO_CsSignRequest *) buf;
@ -424,9 +413,7 @@ TALER_CRYPTO_helper_cs_sign (
sr->header.type = htons (TALER_HELPER_CS_MT_REQ_SIGN); sr->header.type = htons (TALER_HELPER_CS_MT_REQ_SIGN);
sr->reserved = htonl (0); sr->reserved = htonl (0);
sr->h_cs = *h_cs; sr->h_cs = *h_cs;
memcpy (&sr[1], sr->planchet = *blinded_planchet;
msg,
msg_size);
if (GNUNET_OK != if (GNUNET_OK !=
TALER_crypto_helper_send_all (dh->sock, TALER_crypto_helper_send_all (dh->sock,
buf, buf,
@ -511,24 +498,13 @@ more:
{ {
const struct TALER_CRYPTO_SignResponse *sr = const struct TALER_CRYPTO_SignResponse *sr =
(const struct TALER_CRYPTO_SignResponse *) buf; (const struct TALER_CRYPTO_SignResponse *) buf;
struct GNUNET_CRYPTO_RsaSignature *rsa_signature; // TODO: add nullcheck
rsa_signature = GNUNET_CRYPTO_rsa_signature_decode (
&sr[1],
msize - sizeof (*sr));
if (NULL == rsa_signature)
{
GNUNET_break_op (0);
do_disconnect (dh);
*ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
goto end;
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Received signature\n"); "Received signature\n");
*ec = TALER_EC_NONE; *ec = TALER_EC_NONE;
finished = true; finished = true;
ds.cipher = TALER_DENOMINATION_RSA; ds.cipher = TALER_DENOMINATION_CS;
ds.details.blinded_rsa_signature = rsa_signature; ds.details.blinded_cs_answer = sr->cs_answer;
break; break;
} }
case TALER_HELPER_CS_MT_RES_SIGN_FAILURE: case TALER_HELPER_CS_MT_RES_SIGN_FAILURE:

213
src/util/taler-exchange-secmod-cs.c
View File

@ -240,8 +240,6 @@ generate_response (struct DenominationKey *dk)
void *p; void *p;
size_t tlen; size_t tlen;
// buf_len = GNUNET_CRYPTO_rsa_public_key_encode (dk->denom_pub,
// &buf);
GNUNET_assert (sizeof(dk->denom_pub) < UINT16_MAX); GNUNET_assert (sizeof(dk->denom_pub) < UINT16_MAX);
GNUNET_assert (nlen < UINT16_MAX); GNUNET_assert (nlen < UINT16_MAX);
tlen = sizeof(dk->denom_pub) + nlen + sizeof (*an); tlen = sizeof(dk->denom_pub) + nlen + sizeof (*an);
@ -284,64 +282,66 @@ static enum GNUNET_GenericReturnValue
handle_sign_request (struct TES_Client *client, handle_sign_request (struct TES_Client *client,
const struct TALER_CRYPTO_CsSignRequest *sr) const struct TALER_CRYPTO_CsSignRequest *sr)
{ {
return GNUNET_OK; struct DenominationKey *dk;
// struct DenominationKey *dk; struct GNUNET_CRYPTO_CsRSecret r[2];
// const void *blinded_msg = &sr[1];
// size_t blinded_msg_size = ntohs (sr->header.size) - sizeof (*sr);
// struct GNUNET_CRYPTO_RsaSignature *rsa_signature;
// struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
// GNUNET_assert (0 == pthread_mutex_lock (&keys_lock)); struct TALER_BlindedDenominationCsSignAnswer cs_answer;
// dk = GNUNET_CONTAINER_multihashmap_get (keys, struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
// &sr->h_cs.hash);
// if (NULL == dk)
// {
// struct TALER_CRYPTO_SignFailure sf = {
// .header.size = htons (sizeof (sr)),
// .header.type = htons (TALER_HELPER_CS_MT_RES_SIGN_FAILURE),
// .ec = htonl (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN)
// };
// GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock)); GNUNET_assert (0 == pthread_mutex_lock (&keys_lock));
// GNUNET_log (GNUNET_ERROR_TYPE_INFO, dk = GNUNET_CONTAINER_multihashmap_get (keys,
// "Signing request failed, denomination key %s unknown\n", &sr->h_cs.hash);
// GNUNET_h2s (&sr->h_cs.hash)); if (NULL == dk)
// return TES_transmit (client->csock, {
// &sf.header); struct TALER_CRYPTO_SignFailure sf = {
// } .header.size = htons (sizeof (sr)),
// if (GNUNET_TIME_absolute_is_future (dk->anchor.abs_time)) .header.type = htons (TALER_HELPER_CS_MT_RES_SIGN_FAILURE),
// { .ec = htonl (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN)
// /* it is too early */ };
// struct TALER_CRYPTO_SignFailure sf = {
// .header.size = htons (sizeof (sr)),
// .header.type = htons (TALER_HELPER_CS_MT_RES_SIGN_FAILURE),
// .ec = htonl (TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY)
// };
// GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock)); GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
// GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
// "Signing request failed, denomination key %s is not yet valid\n", "Signing request failed, denomination key %s unknown\n",
// GNUNET_h2s (&sr->h_cs.hash)); GNUNET_h2s (&sr->h_cs.hash));
// return TES_transmit (client->csock, return TES_transmit (client->csock,
// &sf.header); &sf.header);
// } }
if (GNUNET_TIME_absolute_is_future (dk->anchor.abs_time))
{
/* it is too early */
struct TALER_CRYPTO_SignFailure sf = {
.header.size = htons (sizeof (sr)),
.header.type = htons (TALER_HELPER_CS_MT_RES_SIGN_FAILURE),
.ec = htonl (TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY)
};
// GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
// "Received request to sign over %u bytes with key %s\n", GNUNET_log (GNUNET_ERROR_TYPE_INFO,
// (unsigned int) blinded_msg_size, "Signing request failed, denomination key %s is not yet valid\n",
// GNUNET_h2s (&sr->h_cs.hash)); GNUNET_h2s (&sr->h_cs.hash));
// GNUNET_assert (dk->rc < UINT_MAX); return TES_transmit (client->csock,
// dk->rc++; &sf.header);
// GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock)); }
// rsa_signature
// = GNUNET_CRYPTO_rsa_sign_blinded (dk->denom_priv, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
// blinded_msg, "Received request to sign over bytes with key %s\n",
// blinded_msg_size); GNUNET_h2s (&sr->h_cs.hash));
// GNUNET_assert (0 == pthread_mutex_lock (&keys_lock)); GNUNET_assert (dk->rc < UINT_MAX);
// GNUNET_assert (dk->rc > 0); dk->rc++;
// dk->rc--; GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
// GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
// if (NULL == rsa_signature) GNUNET_CRYPTO_cs_r_derive (&sr->planchet.nonce.nonce, &dk->denom_priv, r);
cs_answer.b = GNUNET_CRYPTO_cs_sign_derive (&dk->denom_priv,
r,
sr->planchet.c,
&sr->planchet.nonce.nonce,
&cs_answer.s_scalar);
GNUNET_assert (0 == pthread_mutex_lock (&keys_lock));
GNUNET_assert (dk->rc > 0);
dk->rc--;
GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
// if (NULL == cs_answer)
// { // {
// struct TALER_CRYPTO_SignFailure sf = { // struct TALER_CRYPTO_SignFailure sf = {
// .header.size = htons (sizeof (sf)), // .header.size = htons (sizeof (sf)),
@ -355,40 +355,32 @@ handle_sign_request (struct TES_Client *client,
// &sf.header); // &sf.header);
// } // }
// { {
// struct TALER_CRYPTO_SignResponse *sr; struct TALER_CRYPTO_SignResponse *sr;
// void *buf; size_t tsize;
// size_t buf_size; enum GNUNET_GenericReturnValue ret;
// size_t tsize;
// enum GNUNET_GenericReturnValue ret;
// buf_size = GNUNET_CRYPTO_rsa_signature_encode (rsa_signature, tsize = sizeof (*sr) + sizeof(cs_answer);
// &buf); GNUNET_assert (tsize < UINT16_MAX);
// GNUNET_CRYPTO_rsa_signature_free (rsa_signature); sr = GNUNET_malloc (tsize);
// tsize = sizeof (*sr) + buf_size; sr->header.size = htons (tsize);
// GNUNET_assert (tsize < UINT16_MAX); sr->header.type = htons (TALER_HELPER_CS_MT_RES_SIGNATURE);
// sr = GNUNET_malloc (tsize); sr->cs_answer = cs_answer;
// sr->header.size = htons (tsize); GNUNET_log (GNUNET_ERROR_TYPE_INFO,
// sr->header.type = htons (TALER_HELPER_CS_MT_RES_SIGNATURE); "Sending CS signature after %s\n",
// memcpy (&sr[1], GNUNET_TIME_relative2s (
// buf, GNUNET_TIME_absolute_get_duration (now),
// buf_size); GNUNET_YES));
// GNUNET_free (buf); ret = TES_transmit (client->csock,
// GNUNET_log (GNUNET_ERROR_TYPE_INFO, &sr->header);
// "Sending CS signature after %s\n", GNUNET_log (GNUNET_ERROR_TYPE_INFO,
// GNUNET_TIME_relative2s ( "Sent CS signature after %s\n",
// GNUNET_TIME_absolute_get_duration (now), GNUNET_TIME_relative2s (
// GNUNET_YES)); GNUNET_TIME_absolute_get_duration (now),
// ret = TES_transmit (client->csock, GNUNET_YES));
// &sr->header); GNUNET_free (sr);
// GNUNET_log (GNUNET_ERROR_TYPE_INFO, return ret;
// "Sent CS signature after %s\n", }
// GNUNET_TIME_relative2s (
// GNUNET_TIME_absolute_get_duration (now),
// GNUNET_YES));
// GNUNET_free (sr);
// return ret;
// }
} }
@ -409,28 +401,11 @@ setup_key (struct DenominationKey *dk,
GNUNET_CRYPTO_cs_private_key_generate (&priv); GNUNET_CRYPTO_cs_private_key_generate (&priv);
GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub); GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub);
// TODO: Add nullcheck?
TALER_cs_pub_hash (&pub, TALER_cs_pub_hash (&pub,
&dk->h_cs); &dk->h_cs);
// priv = GNUNET_CRYPTO_rsa_private_key_create (denom->rsa_keysize);
// if (NULL == priv)
// {
// GNUNET_break (0);
// GNUNET_SCHEDULER_shutdown ();
// global_ret = EXIT_FAILURE;
// return GNUNET_SYSERR;
// }
// pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv);
// if (NULL == pub)
// {
// GNUNET_break (0);
// GNUNET_CRYPTO_rsa_private_key_free (priv);
// return GNUNET_SYSERR;
// }
// buf_size = GNUNET_CRYPTO_rsa_private_key_encode (priv,
// &buf);
// TALER_rsa_pub_hash (pub,
// &dk->h_cs);
GNUNET_asprintf (&dk->filename, GNUNET_asprintf (&dk->filename,
"%s/%s/%llu", "%s/%s/%llu",
keydir, keydir,
@ -674,7 +649,7 @@ cs_work_dispatch (struct TES_Client *client,
switch (ntohs (hdr->type)) switch (ntohs (hdr->type))
{ {
case TALER_HELPER_CS_MT_REQ_SIGN: case TALER_HELPER_CS_MT_REQ_SIGN:
if (msize <= sizeof (struct TALER_CRYPTO_CsSignRequest)) if (msize < sizeof (struct TALER_CRYPTO_CsSignRequest))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return GNUNET_SYSERR; return GNUNET_SYSERR;
@ -1144,17 +1119,9 @@ parse_key (struct Denomination *denom,
return; return;
} }
// TODO: memcpy or cast?
memcpy (&priv, buf, sizeof(priv)); memcpy (&priv, buf, sizeof(priv));
// priv = GNUNET_CRYPTO_rsa_private_key_decode (buf,
// buf_size);
// if (NULL == priv)
// {
// /* Parser failure. */
// GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
// "File `%s' is malformed, skipping\n",
// filename);
// return;
// }
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"privkey %zu\n", "privkey %zu\n",
sizeof(priv)); sizeof(priv));
@ -1167,14 +1134,8 @@ parse_key (struct Denomination *denom,
struct DenominationKey *dk; struct DenominationKey *dk;
struct DenominationKey *before; struct DenominationKey *before;
// TODO: Add check if pubkey is set?
GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub); GNUNET_CRYPTO_cs_private_key_get_public (&priv, &pub);
// pub = GNUNET_CRYPTO_rsa_private_key_get_public (priv);
// if (NULL == pub)
// {
// GNUNET_break (0);
// GNUNET_CRYPTO_rsa_private_key_free (priv);
// return;
// }
dk = GNUNET_new (struct DenominationKey); dk = GNUNET_new (struct DenominationKey);
dk->denom_priv = priv; dk->denom_priv = priv;
dk->denom = denom; dk->denom = denom;

12
src/util/taler-exchange-secmod-cs.h
View File

@ -133,7 +133,12 @@ struct TALER_CRYPTO_CsSignRequest
*/ */
struct TALER_CsPubHashP h_cs; struct TALER_CsPubHashP h_cs;
/* followed by message to sign */ /**
* Planchet containing message to sign
* and nonce to derive R from
*/
struct TALER_BlindedCsPlanchet planchet;
}; };
/** /**
@ -200,7 +205,10 @@ struct TALER_CRYPTO_SignResponse
*/ */
uint32_t reserved; uint32_t reserved;
/* followed by CS signature */ /**
* Contains the blindided s and the chosen b
*/
struct TALER_BlindedDenominationCsSignAnswer cs_answer;
}; };
/** /**

111
src/util/test_helper_cs.c
View File

@ -270,15 +270,15 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh)
struct TALER_PlanchetSecretsP ps; struct TALER_PlanchetSecretsP ps;
struct TALER_CoinPubHash c_hash; struct TALER_CoinPubHash c_hash;
TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA); TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS);
for (unsigned int i = 0; i<MAX_KEYS; i++) for (unsigned int i = 0; i<MAX_KEYS; i++)
{ {
struct TALER_PlanchetDetail pd;
if (! keys[i].valid) if (! keys[i].valid)
continue; continue;
// TODO: insert assertion into other checks // TODO: insert assertion into other checks
GNUNET_assert (TALER_DENOMINATION_CS == keys[i].denom_pub.cipher); GNUNET_assert (TALER_DENOMINATION_CS == keys[i].denom_pub.cipher);
{ {
struct TALER_PlanchetDetail pd;
pd.blinded_planchet.cipher = TALER_DENOMINATION_CS; pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
TALER_cs_withdraw_nonce_derive (&ps.coin_priv, TALER_cs_withdraw_nonce_derive (&ps.coin_priv,
@ -315,11 +315,22 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh)
return 5; return 5;
} }
// since R is part of the signature creation process, it can't be tested fully here
// instead it will be further tested in the signature creation process
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Received valid R for key %s\n", "Received valid R for key %s\n",
GNUNET_h2s (&keys[i].h_cs.hash)); GNUNET_h2s (&keys[i].h_cs.hash));
ps.cs_r_pub = r_pub;
TALER_blinding_secret_create (&ps.blinding_key,
TALER_DENOMINATION_CS,
&ps.coin_priv,
&ps.cs_r_pub);
// TODO: sometimes the tests fail here in a calculation in gnunet. needs to be further analysed.
GNUNET_assert (GNUNET_OK ==
TALER_planchet_prepare (&keys[i].denom_pub,
&ps,
&c_hash,
&pd));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Successfully prepared planchet");
success = true; success = true;
break; break;
case TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY: case TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY:
@ -397,36 +408,43 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
struct TALER_PlanchetSecretsP ps; struct TALER_PlanchetSecretsP ps;
struct TALER_CoinPubHash c_hash; struct TALER_CoinPubHash c_hash;
TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA); TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS);
for (unsigned int i = 0; i<MAX_KEYS; i++) for (unsigned int i = 0; i<MAX_KEYS; i++)
{ {
if (! keys[i].valid) if (! keys[i].valid)
continue; continue;
{ {
struct TALER_PlanchetDetail pd; struct TALER_PlanchetDetail pd;
pd.blinded_planchet.cipher = TALER_DENOMINATION_RSA; pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
// keys[i].denom_pub.cipher = TALER_DENOMINATION_CS; // keys[i].denom_pub.cipher = TALER_DENOMINATION_CS;
TALER_cs_withdraw_nonce_derive (&ps.coin_priv,
&pd.blinded_planchet.details.
cs_blinded_planchet.nonce);
ps.cs_r_pub = TALER_CRYPTO_helper_cs_r_derive (dh,
&keys[i].h_cs,
&pd.blinded_planchet.
details.
cs_blinded_planchet.nonce,
&ec);
TALER_blinding_secret_create (&ps.blinding_key,
TALER_DENOMINATION_CS,
&ps.coin_priv,
&ps.cs_r_pub);
GNUNET_assert (GNUNET_YES == GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[i].denom_pub, TALER_planchet_prepare (&keys[i].denom_pub,
&ps, &ps,
&c_hash, &c_hash,
&pd)); &pd));
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Requesting signature over %u bytes with key %s\n", "Requesting signature with key %s\n",
(unsigned
int) pd.blinded_planchet.details.rsa_blinded_planchet.
blinded_msg_size,
GNUNET_h2s (&keys[i].h_cs.hash)); GNUNET_h2s (&keys[i].h_cs.hash));
ds = TALER_CRYPTO_helper_cs_sign (dh, ds = TALER_CRYPTO_helper_cs_sign (dh,
&keys[i].h_cs, &keys[i].h_cs,
pd.blinded_planchet.details. &pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg, cs_blinded_planchet,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg_size,
&ec); &ec);
GNUNET_free (
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
} }
switch (ec) switch (ec)
{ {
@ -456,7 +474,8 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
TALER_denom_sig_unblind (&rs, TALER_denom_sig_unblind (&rs,
&ds, &ds,
&ps.blinding_key, &ps.blinding_key,
&keys[i].denom_pub)) &keys[i].denom_pub,
&ps.cs_r_pub_blinded))
{ {
GNUNET_break (0); GNUNET_break (0);
return 6; return 6;
@ -513,15 +532,23 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
/* check signing does not work if the key is unknown */ /* check signing does not work if the key is unknown */
{ {
struct TALER_PlanchetDetail pd;
struct TALER_CsPubHashP rnd; struct TALER_CsPubHashP rnd;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&rnd, &rnd,
sizeof (rnd)); sizeof (rnd));
pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[0].denom_pub,
&ps,
&c_hash,
&pd));
ds = TALER_CRYPTO_helper_cs_sign (dh, ds = TALER_CRYPTO_helper_cs_sign (dh,
&rnd, &rnd,
"Hello", &pd.blinded_planchet.details.
strlen ("Hello"), cs_blinded_planchet,
&ec); &ec);
if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec) if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec)
{ {
@ -553,7 +580,7 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
struct GNUNET_TIME_Relative duration; struct GNUNET_TIME_Relative duration;
struct TALER_PlanchetSecretsP ps; struct TALER_PlanchetSecretsP ps;
TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA); TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS);
duration = GNUNET_TIME_UNIT_ZERO; duration = GNUNET_TIME_UNIT_ZERO;
TALER_CRYPTO_helper_cs_poll (dh); TALER_CRYPTO_helper_cs_poll (dh);
for (unsigned int j = 0; j<NUM_SIGN_PERFS;) for (unsigned int j = 0; j<NUM_SIGN_PERFS;)
@ -575,6 +602,23 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
{ {
struct TALER_CoinPubHash c_hash; struct TALER_CoinPubHash c_hash;
struct TALER_PlanchetDetail pd; struct TALER_PlanchetDetail pd;
pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
TALER_cs_withdraw_nonce_derive (&ps.coin_priv,
&pd.blinded_planchet.details.
cs_blinded_planchet.nonce);
ps.cs_r_pub = TALER_CRYPTO_helper_cs_r_derive (dh,
&keys[i].h_cs,
&pd.blinded_planchet.
details.
cs_blinded_planchet.nonce,
&ec);
TALER_blinding_secret_create (&ps.blinding_key,
TALER_DENOMINATION_CS,
&ps.coin_priv,
&ps.cs_r_pub);
GNUNET_assert (GNUNET_YES == GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[i].denom_pub, TALER_planchet_prepare (&keys[i].denom_pub,
@ -589,11 +633,8 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
ds = TALER_CRYPTO_helper_cs_sign (dh, ds = TALER_CRYPTO_helper_cs_sign (dh,
&keys[i].h_cs, &keys[i].h_cs,
pd.blinded_planchet.details. &pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg, cs_blinded_planchet,
pd.blinded_planchet.details.
rsa_blinded_planchet.
blinded_msg_size,
&ec); &ec);
if (TALER_EC_NONE != ec) if (TALER_EC_NONE != ec)
break; break;
@ -605,8 +646,6 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
if (NUM_SIGN_PERFS <= j) if (NUM_SIGN_PERFS <= j)
break; break;
} }
GNUNET_free (
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
} }
} /* for i */ } /* for i */
} /* for j */ } /* for j */
@ -731,16 +770,15 @@ run_test (void)
ret = test_revocation (dh); ret = test_revocation (dh);
if (0 == ret) if (0 == ret)
ret = test_r_derive (dh); ret = test_r_derive (dh);
// TODO: implement other tests if (0 == ret)
// if (0 == ret) ret = test_signing (dh);
// ret = test_signing (dh); if (0 == ret)
// if (0 == ret) ret = perf_signing (dh,
// ret = perf_signing (dh, "sequential");
// "sequential");
TALER_CRYPTO_helper_cs_disconnect (dh); TALER_CRYPTO_helper_cs_disconnect (dh);
free_keys (); free_keys ();
// if (0 == ret) if (0 == ret)
// ret = par_signing (cfg); ret = par_signing (cfg);
/* clean up our state */ /* clean up our state */
GNUNET_CONFIGURATION_destroy (cfg); GNUNET_CONFIGURATION_destroy (cfg);
return ret; return ret;
@ -814,9 +852,6 @@ main (int argc,
(int) code); (int) code);
ret = 5; ret = 5;
} }
// TODO: remove
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"I am here");
GNUNET_OS_process_destroy (helper); GNUNET_OS_process_destroy (helper);
return ret; return ret;
} }