taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix #4483

Browse Source
This commit is contained in:
Christian Grothoff 2016-05-24 20:13:31 +02:00
parent 8c3ffbf2a3
commit 32bb3b14bf
16 changed files with 193 additions and 560 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

171
src/exchange-lib/exchange_api_refresh.c
View File

@ -105,13 +105,9 @@ struct FreshCoinP
struct TALER_CoinSpendPrivateKeyP coin_priv; struct TALER_CoinSpendPrivateKeyP coin_priv;
/** /**
* Size of the encoded blinding key that follows. * The blinding key.
*/ */
uint32_t bbuf_size; struct TALER_DenominationBlindingKeyP blinding_key;
/* Followed by serialization of:
- struct TALER_DenominationBlindingKey blinding_key;
*/
}; };
@ -204,26 +200,6 @@ struct MeltedCoin
}; };
/**
* Coin-specific information about the fresh coins we generate during
* a melt.
*/
struct FreshCoin
{
/**
* Private key of the coin.
*/
struct TALER_CoinSpendPrivateKeyP coin_priv;
/**
* Blinding key used for blinding during blind signing.
*/
struct TALER_DenominationBlindingKey blinding_key;
};
/** /**
* Melt data in non-serialized format for convenient processing. * Melt data in non-serialized format for convenient processing.
*/ */
@ -260,7 +236,7 @@ struct MeltData
* Arrays of @e num_fresh_coins with information about the fresh * Arrays of @e num_fresh_coins with information about the fresh
* coins to be created, for each cut-and-choose dimension. * coins to be created, for each cut-and-choose dimension.
*/ */
struct FreshCoin *fresh_coins[TALER_CNC_KAPPA]; struct FreshCoinP *fresh_coins[TALER_CNC_KAPPA];
}; };
@ -280,22 +256,6 @@ free_melted_coin (struct MeltedCoin *mc)
} }
/**
* Free all information associated with a fresh coin.
*
* @param fc fresh coin to release, the pointer itself is NOT
* freed (as it is typically not allocated by itself)
*/
static void
free_fresh_coin (struct FreshCoin *fc)
{
if (NULL == fc)
return;
if (NULL != fc->blinding_key.rsa_blinding_key)
GNUNET_CRYPTO_rsa_blinding_key_free (fc->blinding_key.rsa_blinding_key);
}
/** /**
* Free all information associated with a melting session. Note * Free all information associated with a melting session. Note
* that we allow the melting session to be only partially initialized, * that we allow the melting session to be only partially initialized,
@ -309,7 +269,6 @@ static void
free_melt_data (struct MeltData *md) free_melt_data (struct MeltData *md)
{ {
unsigned int i; unsigned int i;
unsigned int j;
free_melted_coin (&md->melted_coin); free_melted_coin (&md->melted_coin);
if (NULL != md->fresh_pks) if (NULL != md->fresh_pks)
@ -321,11 +280,7 @@ free_melt_data (struct MeltData *md)
} }
for (i=0;i<TALER_CNC_KAPPA;i++) for (i=0;i<TALER_CNC_KAPPA;i++)
{
for (j=0;j<md->num_fresh_coins;j++)
free_fresh_coin (&md->fresh_coins[i][j]);
GNUNET_free (md->fresh_coins[i]); GNUNET_free (md->fresh_coins[i]);
}
/* Finally, clean up a bit... /* Finally, clean up a bit...
(NOTE: compilers might optimize this away, so this is (NOTE: compilers might optimize this away, so this is
not providing any strong assurances that the key material not providing any strong assurances that the key material
@ -567,31 +522,15 @@ deserialize_denomination_key (struct TALER_DenominationPublicKey *dk,
* @a buf is NULL, number of bytes required * @a buf is NULL, number of bytes required
*/ */
static size_t static size_t
serialize_fresh_coin (const struct FreshCoin *fc, serialize_fresh_coin (const struct FreshCoinP *fc,
char *buf, char *buf,
size_t off) size_t off)
{ {
struct FreshCoinP fcp; if (NULL != buf)
char *bbuf; memcpy (&buf[off],
size_t bbuf_size; fc,
sizeof (struct FreshCoinP));
bbuf_size = GNUNET_CRYPTO_rsa_blinding_key_encode (fc->blinding_key.rsa_blinding_key, return sizeof (struct FreshCoinP);
&bbuf);
if (NULL == buf)
{
GNUNET_free (bbuf);
return sizeof (struct FreshCoinP) + bbuf_size;
}
fcp.coin_priv = fc->coin_priv;
fcp.bbuf_size = htonl ((uint32_t) bbuf_size);
memcpy (&buf[off],
&fcp,
sizeof (struct FreshCoinP));
memcpy (&buf[off + sizeof (struct FreshCoinP)],
bbuf,
bbuf_size);
GNUNET_free (bbuf);
return sizeof (struct FreshCoinP) + bbuf_size;
} }
@ -605,41 +544,21 @@ serialize_fresh_coin (const struct FreshCoin *fc,
* @return number of bytes read from @a buf, 0 on error * @return number of bytes read from @a buf, 0 on error
*/ */
static size_t static size_t
deserialize_fresh_coin (struct FreshCoin *fc, deserialize_fresh_coin (struct FreshCoinP *fc,
const char *buf, const char *buf,
size_t size, size_t size,
int *ok) int *ok)
{ {
struct FreshCoinP fcp;
size_t bbuf_size;
if (size < sizeof (struct FreshCoinP)) if (size < sizeof (struct FreshCoinP))
{ {
GNUNET_break (0); GNUNET_break (0);
*ok = GNUNET_NO; *ok = GNUNET_NO;
return 0; return 0;
} }
memcpy (&fcp, memcpy (fc,
buf, buf,
sizeof (struct FreshCoinP)); sizeof (struct FreshCoinP));
bbuf_size = ntohl (fcp.bbuf_size); return sizeof (struct FreshCoinP);
if (size < sizeof (struct FreshCoinP) + bbuf_size)
{
GNUNET_break (0);
*ok = GNUNET_NO;
return 0;
}
fc->blinding_key.rsa_blinding_key
= GNUNET_CRYPTO_rsa_blinding_key_decode (&buf[sizeof (struct FreshCoinP)],
bbuf_size);
if (NULL == fc->blinding_key.rsa_blinding_key)
{
GNUNET_break (0);
*ok = GNUNET_NO;
return 0;
}
fc->coin_priv = fcp.coin_priv;
return sizeof (struct FreshCoinP) + bbuf_size;
} }
@ -734,7 +653,7 @@ deserialize_melt_data (const char *buf,
struct TALER_DenominationPublicKey); struct TALER_DenominationPublicKey);
for (i=0;i<TALER_CNC_KAPPA;i++) for (i=0;i<TALER_CNC_KAPPA;i++)
md->fresh_coins[i] = GNUNET_new_array (md->num_fresh_coins, md->fresh_coins[i] = GNUNET_new_array (md->num_fresh_coins,
struct FreshCoin); struct FreshCoinP);
off = sizeof (struct MeltDataP); off = sizeof (struct MeltDataP);
ok = GNUNET_YES; ok = GNUNET_YES;
off += deserialize_melted_coin (&md->melted_coin, off += deserialize_melted_coin (&md->melted_coin,
@ -775,18 +694,17 @@ deserialize_melt_data (const char *buf,
* @param pk denomination information for the fresh coin * @param pk denomination information for the fresh coin
*/ */
static void static void
setup_fresh_coin (struct FreshCoin *fc, setup_fresh_coin (struct FreshCoinP *fc,
const struct TALER_EXCHANGE_DenomPublicKey *pk) const struct TALER_EXCHANGE_DenomPublicKey *pk)
{ {
struct GNUNET_CRYPTO_EddsaPrivateKey *epk; struct GNUNET_CRYPTO_EddsaPrivateKey *epk;
unsigned int len;
epk = GNUNET_CRYPTO_eddsa_key_create (); epk = GNUNET_CRYPTO_eddsa_key_create ();
fc->coin_priv.eddsa_priv = *epk; fc->coin_priv.eddsa_priv = *epk;
GNUNET_free (epk); GNUNET_free (epk);
len = GNUNET_CRYPTO_rsa_public_key_len (pk->key.rsa_public_key); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
fc->blinding_key.rsa_blinding_key &fc->blinding_key,
= GNUNET_CRYPTO_rsa_blinding_key_create (len); sizeof (fc->blinding_key));
} }
@ -879,7 +797,7 @@ TALER_EXCHANGE_refresh_prepare (const struct TALER_CoinSpendPrivateKeyP *melt_pr
for (i=0;i<TALER_CNC_KAPPA;i++) for (i=0;i<TALER_CNC_KAPPA;i++)
{ {
md.fresh_coins[i] = GNUNET_new_array (fresh_pks_len, md.fresh_coins[i] = GNUNET_new_array (fresh_pks_len,
struct FreshCoin); struct FreshCoinP);
for (j=0;j<fresh_pks_len;j++) for (j=0;j<fresh_pks_len;j++)
setup_fresh_coin (&md.fresh_coins[i][j], setup_fresh_coin (&md.fresh_coins[i][j],
&fresh_pks[j]); &fresh_pks[j]);
@ -919,15 +837,13 @@ TALER_EXCHANGE_refresh_prepare (const struct TALER_CoinSpendPrivateKeyP *melt_pr
{ {
for (j = 0; j < fresh_pks_len; j++) for (j = 0; j < fresh_pks_len; j++)
{ {
const struct FreshCoin *fc; /* coin this is about */ const struct FreshCoinP *fc; /* coin this is about */
struct TALER_CoinSpendPublicKeyP coin_pub; struct TALER_CoinSpendPublicKeyP coin_pub;
struct GNUNET_HashCode coin_hash; struct GNUNET_HashCode coin_hash;
char *coin_ev; /* blinded message to be signed (in envelope) for each coin */ char *coin_ev; /* blinded message to be signed (in envelope) for each coin */
size_t coin_ev_size; size_t coin_ev_size;
struct TALER_RefreshLinkDecrypted rld; struct TALER_RefreshLinkDecryptedP rld;
struct TALER_RefreshLinkEncrypted *rle; struct TALER_RefreshLinkEncryptedP rle;
char *link_enc; /* encrypted link data */
size_t link_enc_size;
fc = &md.fresh_coins[i][j]; fc = &md.fresh_coins[i][j];
GNUNET_CRYPTO_eddsa_key_get_public (&fc->coin_priv.eddsa_priv, GNUNET_CRYPTO_eddsa_key_get_public (&fc->coin_priv.eddsa_priv,
@ -936,7 +852,7 @@ TALER_EXCHANGE_refresh_prepare (const struct TALER_CoinSpendPrivateKeyP *melt_pr
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
&coin_hash); &coin_hash);
coin_ev_size = GNUNET_CRYPTO_rsa_blind (&coin_hash, coin_ev_size = GNUNET_CRYPTO_rsa_blind (&coin_hash,
fc->blinding_key.rsa_blinding_key, &fc->blinding_key.bks,
md.fresh_pks[j].rsa_public_key, md.fresh_pks[j].rsa_public_key,
&coin_ev); &coin_ev);
GNUNET_CRYPTO_hash_context_read (hash_context, GNUNET_CRYPTO_hash_context_read (hash_context,
@ -946,15 +862,12 @@ TALER_EXCHANGE_refresh_prepare (const struct TALER_CoinSpendPrivateKeyP *melt_pr
rld.coin_priv = fc->coin_priv; rld.coin_priv = fc->coin_priv;
rld.blinding_key = fc->blinding_key; rld.blinding_key = fc->blinding_key;
rle = TALER_refresh_encrypt (&rld, TALER_refresh_encrypt (&rld,
&md.link_secrets[i]); &md.link_secrets[i],
link_enc = TALER_refresh_link_encrypted_encode (rle, &rle);
&link_enc_size);
GNUNET_CRYPTO_hash_context_read (hash_context, GNUNET_CRYPTO_hash_context_read (hash_context,
link_enc, &rle,
link_enc_size); sizeof (rle));
GNUNET_free (link_enc);
} }
} }
for (i = 0; i < TALER_CNC_KAPPA; i++) for (i = 0; i < TALER_CNC_KAPPA; i++)
@ -1431,25 +1344,17 @@ TALER_EXCHANGE_refresh_melt (struct TALER_EXCHANGE_Handle *exchange,
tmp = json_array (); tmp = json_array ();
for (i=0;i<md->num_fresh_coins;i++) for (i=0;i<md->num_fresh_coins;i++)
{ {
const struct FreshCoin *fc = &md->fresh_coins[j][i]; const struct FreshCoinP *fc = &md->fresh_coins[j][i];
struct TALER_RefreshLinkDecrypted rld; struct TALER_RefreshLinkDecryptedP rld;
struct TALER_RefreshLinkEncrypted *rle; struct TALER_RefreshLinkEncryptedP rle;
char *buf;
size_t buf_len;
rld.coin_priv = fc->coin_priv; rld.coin_priv = fc->coin_priv;
rld.blinding_key = fc->blinding_key; rld.blinding_key = fc->blinding_key;
rle = TALER_refresh_encrypt (&rld, TALER_refresh_encrypt (&rld,
&md->link_secrets[j]); &md->link_secrets[j],
GNUNET_assert (NULL != rle); &rle);
buf = TALER_refresh_link_encrypted_encode (rle,
&buf_len);
GNUNET_assert (NULL != buf);
json_array_append (tmp, json_array_append (tmp,
GNUNET_JSON_from_data (buf, GNUNET_JSON_from_data_auto (&rle));
buf_len));
GNUNET_free (buf);
GNUNET_free (rle);
} }
json_array_append (link_encs, json_array_append (link_encs,
tmp); tmp);
@ -1461,7 +1366,7 @@ TALER_EXCHANGE_refresh_melt (struct TALER_EXCHANGE_Handle *exchange,
tmp = json_array (); tmp = json_array ();
for (i=0;i<md->num_fresh_coins;i++) for (i=0;i<md->num_fresh_coins;i++)
{ {
const struct FreshCoin *fc = &md->fresh_coins[j][i]; const struct FreshCoinP *fc = &md->fresh_coins[j][i];
struct TALER_CoinSpendPublicKeyP coin_pub; struct TALER_CoinSpendPublicKeyP coin_pub;
struct GNUNET_HashCode coin_hash; struct GNUNET_HashCode coin_hash;
char *coin_ev; /* blinded message to be signed (in envelope) for each coin */ char *coin_ev; /* blinded message to be signed (in envelope) for each coin */
@ -1473,7 +1378,7 @@ TALER_EXCHANGE_refresh_melt (struct TALER_EXCHANGE_Handle *exchange,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
&coin_hash); &coin_hash);
coin_ev_size = GNUNET_CRYPTO_rsa_blind (&coin_hash, coin_ev_size = GNUNET_CRYPTO_rsa_blind (&coin_hash,
fc->blinding_key.rsa_blinding_key, &fc->blinding_key.bks,
md->fresh_pks[i].rsa_public_key, md->fresh_pks[i].rsa_public_key,
&coin_ev); &coin_ev);
json_array_append (tmp, json_array_append (tmp,
@ -1655,7 +1560,7 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshRevealHandle *rrh,
} }
for (i=0;i<rrh->md->num_fresh_coins;i++) for (i=0;i<rrh->md->num_fresh_coins;i++)
{ {
const struct FreshCoin *fc; const struct FreshCoinP *fc;
struct TALER_DenominationPublicKey *pk; struct TALER_DenominationPublicKey *pk;
json_t *jsonai; json_t *jsonai;
struct GNUNET_CRYPTO_RsaSignature *blind_sig; struct GNUNET_CRYPTO_RsaSignature *blind_sig;
@ -1684,7 +1589,7 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshRevealHandle *rrh,
/* unblind the signature */ /* unblind the signature */
sig = GNUNET_CRYPTO_rsa_unblind (blind_sig, sig = GNUNET_CRYPTO_rsa_unblind (blind_sig,
fc->blinding_key.rsa_blinding_key, &fc->blinding_key.bks,
pk->rsa_public_key); pk->rsa_public_key);
GNUNET_CRYPTO_rsa_signature_free (blind_sig); GNUNET_CRYPTO_rsa_signature_free (blind_sig);

36
src/exchange-lib/exchange_api_refresh_link.c
View File

@ -91,20 +91,18 @@ parse_refresh_link_coin (const struct TALER_EXCHANGE_RefreshLinkHandle *rlh,
struct TALER_DenominationSignature *sig, struct TALER_DenominationSignature *sig,
struct TALER_DenominationPublicKey *pub) struct TALER_DenominationPublicKey *pub)
{ {
void *link_enc;
size_t link_enc_size;
struct GNUNET_CRYPTO_RsaSignature *bsig; struct GNUNET_CRYPTO_RsaSignature *bsig;
struct GNUNET_CRYPTO_RsaPublicKey *rpub; struct GNUNET_CRYPTO_RsaPublicKey *rpub;
struct TALER_RefreshLinkEncryptedP rle;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_varsize ("link_enc", &link_enc, &link_enc_size), GNUNET_JSON_spec_fixed_auto ("link_enc", &rle),
GNUNET_JSON_spec_rsa_public_key ("denom_pub", &rpub), GNUNET_JSON_spec_rsa_public_key ("denom_pub", &rpub),
GNUNET_JSON_spec_rsa_signature ("ev_sig", &bsig), GNUNET_JSON_spec_rsa_signature ("ev_sig", &bsig),
GNUNET_JSON_spec_end() GNUNET_JSON_spec_end()
}; };
struct TALER_RefreshLinkEncrypted *rle; struct TALER_RefreshLinkDecryptedP rld;
struct TALER_RefreshLinkDecrypted *rld;
struct TALER_LinkSecretP secret; struct TALER_LinkSecretP secret;
/* parse reply */ /* parse reply */
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_JSON_parse (json, GNUNET_JSON_parse (json,
@ -115,15 +113,6 @@ parse_refresh_link_coin (const struct TALER_EXCHANGE_RefreshLinkHandle *rlh,
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
/* decode and decrypt link data */
rle = TALER_refresh_link_encrypted_decode (link_enc,
link_enc_size);
if (NULL == rle)
{
GNUNET_break_op (0);
GNUNET_JSON_parse_free (spec);
return GNUNET_SYSERR;
}
if (GNUNET_OK != if (GNUNET_OK !=
TALER_link_decrypt_secret2 (secret_enc, TALER_link_decrypt_secret2 (secret_enc,
trans_pub, trans_pub,
@ -134,24 +123,17 @@ parse_refresh_link_coin (const struct TALER_EXCHANGE_RefreshLinkHandle *rlh,
GNUNET_JSON_parse_free (spec); GNUNET_JSON_parse_free (spec);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
rld = TALER_refresh_decrypt (rle, TALER_refresh_decrypt (&rle,
&secret); &secret,
if (NULL == rld) &rld);
{
GNUNET_break_op (0);
GNUNET_JSON_parse_free (spec);
return GNUNET_SYSERR;
}
/* extract coin and signature */ /* extract coin and signature */
*coin_priv = rld->coin_priv; *coin_priv = rld.coin_priv;
sig->rsa_signature sig->rsa_signature
= GNUNET_CRYPTO_rsa_unblind (bsig, = GNUNET_CRYPTO_rsa_unblind (bsig,
rld->blinding_key.rsa_blinding_key, &rld.blinding_key.bks,
rpub); rpub);
/* clean up */ /* clean up */
GNUNET_free (rld);
pub->rsa_public_key = GNUNET_CRYPTO_rsa_public_key_dup (rpub); pub->rsa_public_key = GNUNET_CRYPTO_rsa_public_key_dup (rpub);
GNUNET_JSON_parse_free (spec); GNUNET_JSON_parse_free (spec);
return GNUNET_OK; return GNUNET_OK;

10
src/exchange-lib/exchange_api_reserve.c
View File

@ -497,7 +497,7 @@ struct TALER_EXCHANGE_ReserveWithdrawHandle
/** /**
* Key used to blind the value. * Key used to blind the value.
*/ */
const struct TALER_DenominationBlindingKey *blinding_key; struct TALER_DenominationBlindingKeyP blinding_key;
/** /**
* Denomination key we are withdrawing. * Denomination key we are withdrawing.
@ -557,7 +557,7 @@ reserve_withdraw_ok (struct TALER_EXCHANGE_ReserveWithdrawHandle *wsh,
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
sig = GNUNET_CRYPTO_rsa_unblind (blind_sig, sig = GNUNET_CRYPTO_rsa_unblind (blind_sig,
wsh->blinding_key->rsa_blinding_key, &wsh->blinding_key.bks,
wsh->pk->key.rsa_public_key); wsh->pk->key.rsa_public_key);
GNUNET_CRYPTO_rsa_signature_free (blind_sig); GNUNET_CRYPTO_rsa_signature_free (blind_sig);
if (GNUNET_OK != if (GNUNET_OK !=
@ -777,7 +777,7 @@ TALER_EXCHANGE_reserve_withdraw (struct TALER_EXCHANGE_Handle *exchange,
const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_EXCHANGE_DenomPublicKey *pk,
const struct TALER_ReservePrivateKeyP *reserve_priv, const struct TALER_ReservePrivateKeyP *reserve_priv,
const struct TALER_CoinSpendPrivateKeyP *coin_priv, const struct TALER_CoinSpendPrivateKeyP *coin_priv,
const struct TALER_DenominationBlindingKey *blinding_key, const struct TALER_DenominationBlindingKeyP *blinding_key,
TALER_EXCHANGE_ReserveWithdrawResultCallback res_cb, TALER_EXCHANGE_ReserveWithdrawResultCallback res_cb,
void *res_cb_cls) void *res_cb_cls)
{ {
@ -804,7 +804,7 @@ TALER_EXCHANGE_reserve_withdraw (struct TALER_EXCHANGE_Handle *exchange,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
&wsh->c_hash); &wsh->c_hash);
coin_ev_size = GNUNET_CRYPTO_rsa_blind (&wsh->c_hash, coin_ev_size = GNUNET_CRYPTO_rsa_blind (&wsh->c_hash,
blinding_key->rsa_blinding_key, &blinding_key->bks,
pk->key.rsa_public_key, pk->key.rsa_public_key,
&coin_ev); &coin_ev);
GNUNET_CRYPTO_eddsa_key_get_public (&reserve_priv->eddsa_priv, GNUNET_CRYPTO_eddsa_key_get_public (&reserve_priv->eddsa_priv,
@ -845,7 +845,7 @@ TALER_EXCHANGE_reserve_withdraw (struct TALER_EXCHANGE_Handle *exchange,
"reserve_sig", GNUNET_JSON_from_data_auto (&reserve_sig)); "reserve_sig", GNUNET_JSON_from_data_auto (&reserve_sig));
GNUNET_free (coin_ev); GNUNET_free (coin_ev);
wsh->blinding_key = blinding_key; wsh->blinding_key = *blinding_key;
wsh->url = MAH_path_to_url (exchange, "/reserve/withdraw"); wsh->url = MAH_path_to_url (exchange, "/reserve/withdraw");
eh = curl_easy_init (); eh = curl_easy_init ();

12
src/exchange-lib/test_exchange_api.c
View File

@ -328,7 +328,7 @@ struct Command
/** /**
* Blinding key used for the operation. * Blinding key used for the operation.
*/ */
struct TALER_DenominationBlindingKey blinding_key; struct TALER_DenominationBlindingKeyP blinding_key;
/** /**
* Withdraw handle (while operation is running). * Withdraw handle (while operation is running).
@ -1796,8 +1796,9 @@ interpreter_run (void *cls)
} }
GNUNET_CRYPTO_eddsa_key_get_public (&cmd->details.reserve_withdraw.coin_priv.eddsa_priv, GNUNET_CRYPTO_eddsa_key_get_public (&cmd->details.reserve_withdraw.coin_priv.eddsa_priv,
&coin_pub.eddsa_pub); &coin_pub.eddsa_pub);
cmd->details.reserve_withdraw.blinding_key.rsa_blinding_key GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
= GNUNET_CRYPTO_rsa_blinding_key_create (GNUNET_CRYPTO_rsa_public_key_len (cmd->details.reserve_withdraw.pk->key.rsa_public_key)); &cmd->details.reserve_withdraw.blinding_key,
sizeof (cmd->details.reserve_withdraw.blinding_key));
cmd->details.reserve_withdraw.wsh cmd->details.reserve_withdraw.wsh
= TALER_EXCHANGE_reserve_withdraw (exchange, = TALER_EXCHANGE_reserve_withdraw (exchange,
cmd->details.reserve_withdraw.pk, cmd->details.reserve_withdraw.pk,
@ -2411,11 +2412,6 @@ do_shutdown (void *cls)
GNUNET_CRYPTO_rsa_signature_free (cmd->details.reserve_withdraw.sig.rsa_signature); GNUNET_CRYPTO_rsa_signature_free (cmd->details.reserve_withdraw.sig.rsa_signature);
cmd->details.reserve_withdraw.sig.rsa_signature = NULL; cmd->details.reserve_withdraw.sig.rsa_signature = NULL;
} }
if (NULL != cmd->details.reserve_withdraw.blinding_key.rsa_blinding_key)
{
GNUNET_CRYPTO_rsa_blinding_key_free (cmd->details.reserve_withdraw.blinding_key.rsa_blinding_key);
cmd->details.reserve_withdraw.blinding_key.rsa_blinding_key = NULL;
}
break; break;
case OC_DEPOSIT: case OC_DEPOSIT:
if (NULL != cmd->details.deposit.dh) if (NULL != cmd->details.deposit.dh)

24
src/exchange/taler-exchange-httpd_db.c
View File

@ -1248,31 +1248,23 @@ check_commitment (struct MHD_Connection *connection,
for (j = 0; j < num_newcoins; j++) for (j = 0; j < num_newcoins; j++)
{ {
struct TALER_RefreshLinkDecrypted *link_data; struct TALER_RefreshLinkDecryptedP link_data;
struct TALER_CoinSpendPublicKeyP coin_pub; struct TALER_CoinSpendPublicKeyP coin_pub;
struct GNUNET_HashCode h_msg; struct GNUNET_HashCode h_msg;
char *buf; char *buf;
size_t buf_len; size_t buf_len;
link_data = TALER_refresh_decrypt (commit_coins[j].refresh_link, TALER_refresh_decrypt (&commit_coins[j].refresh_link,
&shared_secret); &shared_secret,
if (NULL == link_data) &link_data);
{ GNUNET_CRYPTO_eddsa_key_get_public (&link_data.coin_priv.eddsa_priv,
GNUNET_break (0);
GNUNET_free (commit_coins);
return (MHD_YES == TMH_RESPONSE_reply_internal_error (connection,
"Decryption error"))
? GNUNET_NO : GNUNET_SYSERR;
}
GNUNET_CRYPTO_eddsa_key_get_public (&link_data->coin_priv.eddsa_priv,
&coin_pub.eddsa_pub); &coin_pub.eddsa_pub);
GNUNET_CRYPTO_hash (&coin_pub, GNUNET_CRYPTO_hash (&coin_pub,
sizeof (struct TALER_CoinSpendPublicKeyP), sizeof (struct TALER_CoinSpendPublicKeyP),
&h_msg); &h_msg);
if (0 == (buf_len = if (0 == (buf_len =
GNUNET_CRYPTO_rsa_blind (&h_msg, GNUNET_CRYPTO_rsa_blind (&h_msg,
link_data->blinding_key.rsa_blinding_key, &link_data.blinding_key.bks,
denom_pubs[j].rsa_public_key, denom_pubs[j].rsa_public_key,
&buf))) &buf)))
{ {
@ -1283,7 +1275,7 @@ check_commitment (struct MHD_Connection *connection,
"Blinding error")) "Blinding error"))
? GNUNET_NO : GNUNET_SYSERR; ? GNUNET_NO : GNUNET_SYSERR;
} }
if ( (buf_len != commit_coins[j].coin_ev_size) || if ( (buf_len != commit_coins[j].coin_ev_size) ||
(0 != memcmp (buf, (0 != memcmp (buf,
commit_coins[j].coin_ev, commit_coins[j].coin_ev,

17
src/exchange/taler-exchange-httpd_refresh.c
View File

@ -304,10 +304,7 @@ free_commit_coins (struct TALER_EXCHANGEDB_RefreshCommitCoin **commit_coin,
if (NULL == commit_coin[i]) if (NULL == commit_coin[i])
break; break;
for (j=0;j<num_new_coins;j++) for (j=0;j<num_new_coins;j++)
{
GNUNET_free_non_null (commit_coin[i][j].coin_ev); GNUNET_free_non_null (commit_coin[i][j].coin_ev);
GNUNET_free_non_null (commit_coin[i][j].refresh_link);
}
GNUNET_free (commit_coin[i]); GNUNET_free (commit_coin[i]);
} }
} }
@ -415,8 +412,6 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
struct TALER_EXCHANGEDB_RefreshCommitCoin); struct TALER_EXCHANGEDB_RefreshCommitCoin);
for (j = 0; j < num_newcoins; j++) for (j = 0; j < num_newcoins; j++)
{ {
char *link_enc;
size_t link_enc_size;
struct TALER_EXCHANGEDB_RefreshCommitCoin *rcc = &commit_coin[i][j]; struct TALER_EXCHANGEDB_RefreshCommitCoin *rcc = &commit_coin[i][j];
struct GNUNET_JSON_Specification coin_spec[] = { struct GNUNET_JSON_Specification coin_spec[] = {
GNUNET_JSON_spec_varsize (NULL, GNUNET_JSON_spec_varsize (NULL,
@ -425,9 +420,8 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
struct GNUNET_JSON_Specification link_spec[] = { struct GNUNET_JSON_Specification link_spec[] = {
GNUNET_JSON_spec_varsize (NULL, GNUNET_JSON_spec_fixed_auto (NULL,
(void **) &link_enc, &rcc->refresh_link),
&link_enc_size),
GNUNET_JSON_spec_end () GNUNET_JSON_spec_end ()
}; };
@ -455,12 +449,9 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
res = (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; res = (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
goto cleanup; goto cleanup;
} }
rcc->refresh_link
= TALER_refresh_link_encrypted_decode (link_enc,
link_enc_size);
GNUNET_CRYPTO_hash_context_read (hash_context, GNUNET_CRYPTO_hash_context_read (hash_context,
link_enc, &rcc->refresh_link,
link_enc_size); sizeof (rcc->refresh_link));
GNUNET_JSON_parse_free (link_spec); GNUNET_JSON_parse_free (link_spec);
} }
} }

9
src/exchange/taler-exchange-httpd_responses.c
View File

@ -1036,11 +1036,10 @@ TMH_RESPONSE_reply_refresh_reveal_missmatch (struct MHD_Connection *connection,
cc->coin_ev_size)); cc->coin_ev_size));
json_object_set_new (cc_json, json_object_set_new (cc_json,
"coin_priv_enc", "coin_priv_enc",
GNUNET_JSON_from_data_auto (cc->refresh_link->coin_priv_enc)); GNUNET_JSON_from_data_auto (cc->refresh_link.coin_priv_enc));
json_object_set_new (cc_json, json_object_set_new (cc_json,
"blinding_key_enc", "blinding_key_enc",
GNUNET_JSON_from_data (cc->refresh_link->blinding_key_enc, GNUNET_JSON_from_data_auto (&cc->refresh_link.blinding_key_enc));
cc->refresh_link->blinding_key_enc_size));
json_array_append_new (info_commit_k, json_array_append_new (info_commit_k,
cc_json); cc_json);
@ -1105,9 +1104,7 @@ TMH_RESPONSE_reply_refresh_link_success (struct MHD_Connection *connection,
obj = json_object (); obj = json_object ();
json_object_set_new (obj, json_object_set_new (obj,
"link_enc", "link_enc",
GNUNET_JSON_from_data (pos->link_data_enc->coin_priv_enc, GNUNET_JSON_from_data_auto (&pos->link_data_enc));
sizeof (struct TALER_CoinSpendPrivateKeyP) +
pos->link_data_enc->blinding_key_enc_size));
json_object_set_new (obj, json_object_set_new (obj,
"denom_pub", "denom_pub",
GNUNET_JSON_from_rsa_public_key (pos->denom_pub.rsa_public_key)); GNUNET_JSON_from_rsa_public_key (pos->denom_pub.rsa_public_key));

21
src/exchangedb/perf_taler_exchangedb_init.c
View File

@ -573,24 +573,13 @@ struct TALER_EXCHANGEDB_RefreshCommitCoin *
PERF_TALER_EXCHANGEDB_refresh_commit_coin_init () PERF_TALER_EXCHANGEDB_refresh_commit_coin_init ()
{ {
struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coin; struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coin;
struct TALER_RefreshLinkEncrypted refresh_link;
commit_coin = GNUNET_new (struct TALER_EXCHANGEDB_RefreshCommitCoin); commit_coin = GNUNET_new (struct TALER_EXCHANGEDB_RefreshCommitCoin);
GNUNET_assert (NULL != commit_coin); GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
{/* refresh_link */ &commit_coin->refresh_link,
refresh_link = (struct TALER_RefreshLinkEncrypted) sizeof(struct TALER_RefreshLinkEncryptedP));
{
.blinding_key_enc = "blinding_key",
.blinding_key_enc_size = 13
};
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&refresh_link.coin_priv_enc,
sizeof(struct TALER_CoinSpendPrivateKeyP));
}
commit_coin->coin_ev = "coin_ev"; commit_coin->coin_ev = "coin_ev";
commit_coin->coin_ev_size = 8; commit_coin->coin_ev_size = 8;
commit_coin->refresh_link = GNUNET_new (struct TALER_RefreshLinkEncrypted);
*commit_coin->refresh_link = refresh_link;
return commit_coin; return commit_coin;
} }
@ -607,8 +596,7 @@ PERF_TALER_EXCHANGEDB_refresh_commit_coin_copy (struct TALER_EXCHANGEDB_RefreshC
struct TALER_EXCHANGEDB_RefreshCommitCoin *copy; struct TALER_EXCHANGEDB_RefreshCommitCoin *copy;
copy = GNUNET_new (struct TALER_EXCHANGEDB_RefreshCommitCoin); copy = GNUNET_new (struct TALER_EXCHANGEDB_RefreshCommitCoin);
copy->refresh_link = GNUNET_new (struct TALER_RefreshLinkEncrypted); *copy = *commit_coin;
*copy->refresh_link = *commit_coin->refresh_link;
return copy; return copy;
} }
@ -621,6 +609,5 @@ PERF_TALER_EXCHANGEDB_refresh_commit_coin_copy (struct TALER_EXCHANGEDB_RefreshC
void void
PERF_TALER_EXCHANGEDB_refresh_commit_coin_free (struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coin) PERF_TALER_EXCHANGEDB_refresh_commit_coin_free (struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coin)
{ {
GNUNET_free (commit_coin->refresh_link);
GNUNET_free (commit_coin); GNUNET_free (commit_coin);
} }

2
src/exchangedb/plugin_exchangedb_common.c
View File

@ -73,7 +73,6 @@ common_free_link_data_list (void *cls,
while (NULL != ldl) while (NULL != ldl)
{ {
next = ldl->next; next = ldl->next;
GNUNET_free (ldl->link_data_enc);
GNUNET_free (ldl); GNUNET_free (ldl);
ldl = next; ldl = next;
} }
@ -147,7 +146,6 @@ common_free_melt_commitment (void *cls,
{ {
/* NOTE: 'non_null' because this API is used also /* NOTE: 'non_null' because this API is used also
internally to clean up the struct on failures! */ internally to clean up the struct on failures! */
GNUNET_free_non_null (mc->commit_coins[k][i].refresh_link);
GNUNET_free_non_null (mc->commit_coins[k][i].coin_ev); GNUNET_free_non_null (mc->commit_coins[k][i].coin_ev);
} }
GNUNET_free (mc->commit_coins[k]); GNUNET_free (mc->commit_coins[k]);

96
src/exchangedb/plugin_exchangedb_postgres.c
View File

@ -3064,29 +3064,19 @@ postgres_insert_refresh_commit_coins (void *cls,
uint16_t num_newcoins, uint16_t num_newcoins,
const struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coins) const struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coins)
{ {
char *rle;
size_t rle_size;
PGresult *result; PGresult *result;
unsigned int i; unsigned int i;
uint16_t coin_off; uint16_t coin_off;
for (i=0;i<(unsigned int) num_newcoins;i++) for (i=0;i<(unsigned int) num_newcoins;i++)
{ {
rle = TALER_refresh_link_encrypted_encode (commit_coins[i].refresh_link,
&rle_size);
if (NULL == rle)
{
GNUNET_break (0);
return GNUNET_SYSERR;
}
coin_off = (uint16_t) i; coin_off = (uint16_t) i;
{ {
struct GNUNET_PQ_QueryParam params[] = { struct GNUNET_PQ_QueryParam params[] = {
GNUNET_PQ_query_param_auto_from_type (session_hash), GNUNET_PQ_query_param_auto_from_type (session_hash),
GNUNET_PQ_query_param_uint16 (&cnc_index), GNUNET_PQ_query_param_uint16 (&cnc_index),
GNUNET_PQ_query_param_uint16 (&coin_off), GNUNET_PQ_query_param_uint16 (&coin_off),
GNUNET_PQ_query_param_fixed_size (rle, GNUNET_PQ_query_param_auto_from_type (&commit_coins[i].refresh_link),
rle_size),
GNUNET_PQ_query_param_fixed_size (commit_coins[i].coin_ev, GNUNET_PQ_query_param_fixed_size (commit_coins[i].coin_ev,
commit_coins[i].coin_ev_size), commit_coins[i].coin_ev_size),
GNUNET_PQ_query_param_end GNUNET_PQ_query_param_end
@ -3095,7 +3085,6 @@ postgres_insert_refresh_commit_coins (void *cls,
"insert_refresh_commit_coin", "insert_refresh_commit_coin",
params); params);
} }
GNUNET_free (rle);
if (PGRES_COMMAND_OK != PQresultStatus (result)) if (PGRES_COMMAND_OK != PQresultStatus (result))
{ {
BREAK_DB_ERR (result); BREAK_DB_ERR (result);
@ -3131,8 +3120,6 @@ postgres_free_refresh_commit_coins (void *cls,
for (i=0;i<commit_coins_len;i++) for (i=0;i<commit_coins_len;i++)
{ {
GNUNET_free (commit_coins[i].refresh_link);
commit_coins[i].refresh_link = NULL;
GNUNET_free (commit_coins[i].coin_ev); GNUNET_free (commit_coins[i].coin_ev);
commit_coins[i].coin_ev = NULL; commit_coins[i].coin_ev = NULL;
commit_coins[i].coin_ev_size = 0; commit_coins[i].coin_ev_size = 0;
@ -3175,9 +3162,6 @@ postgres_get_refresh_commit_coins (void *cls,
}; };
void *c_buf; void *c_buf;
size_t c_buf_size; size_t c_buf_size;
void *rl_buf;
size_t rl_buf_size;
struct TALER_RefreshLinkEncrypted *rl;
PGresult *result; PGresult *result;
result = GNUNET_PQ_exec_prepared (session->conn, result = GNUNET_PQ_exec_prepared (session->conn,
@ -3198,12 +3182,11 @@ postgres_get_refresh_commit_coins (void *cls,
} }
{ {
struct GNUNET_PQ_ResultSpec rs[] = { struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_variable_size ("link_vector_enc", GNUNET_PQ_result_spec_auto_from_type ("link_vector_enc",
&rl_buf, &commit_coins[i].refresh_link),
&rl_buf_size),
GNUNET_PQ_result_spec_variable_size ("coin_ev", GNUNET_PQ_result_spec_variable_size ("coin_ev",
&c_buf, &c_buf,
&c_buf_size), &c_buf_size),
GNUNET_PQ_result_spec_end GNUNET_PQ_result_spec_end
}; };
@ -3216,17 +3199,6 @@ postgres_get_refresh_commit_coins (void *cls,
} }
} }
PQclear (result); PQclear (result);
if (rl_buf_size < sizeof (struct TALER_CoinSpendPrivateKeyP))
{
GNUNET_free (c_buf);
GNUNET_free (rl_buf);
postgres_free_refresh_commit_coins (cls, i, commit_coins);
return GNUNET_SYSERR;
}
rl = TALER_refresh_link_encrypted_decode (rl_buf,
rl_buf_size);
GNUNET_free (rl_buf);
commit_coins[i].refresh_link = rl;
commit_coins[i].coin_ev = c_buf; commit_coins[i].coin_ev = c_buf;
commit_coins[i].coin_ev_size = c_buf_size; commit_coins[i].coin_ev_size = c_buf_size;
} }
@ -3475,7 +3447,6 @@ postgres_get_link_data_list (void *cls,
const struct GNUNET_HashCode *session_hash) const struct GNUNET_HashCode *session_hash)
{ {
struct TALER_EXCHANGEDB_LinkDataList *ldl; struct TALER_EXCHANGEDB_LinkDataList *ldl;
struct TALER_EXCHANGEDB_LinkDataList *pos;
int i; int i;
int nrows; int nrows;
struct GNUNET_PQ_QueryParam params[] = { struct GNUNET_PQ_QueryParam params[] = {
@ -3503,45 +3474,34 @@ postgres_get_link_data_list (void *cls,
for (i = 0; i < nrows; i++) for (i = 0; i < nrows; i++)
{ {
struct TALER_RefreshLinkEncrypted *link_enc;
struct GNUNET_CRYPTO_RsaPublicKey *denom_pub; struct GNUNET_CRYPTO_RsaPublicKey *denom_pub;
struct GNUNET_CRYPTO_RsaSignature *sig; struct GNUNET_CRYPTO_RsaSignature *sig;
void *ld_buf; struct TALER_EXCHANGEDB_LinkDataList *pos;
size_t ld_buf_size;
struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_variable_size ("link_vector_enc",
&ld_buf,
&ld_buf_size),
GNUNET_PQ_result_spec_rsa_signature ("ev_sig",
&sig),
GNUNET_PQ_result_spec_rsa_public_key ("denom_pub",
&denom_pub),
GNUNET_PQ_result_spec_end
};
if (GNUNET_OK !=
GNUNET_PQ_extract_result (result, rs, i))
{
PQclear (result);
GNUNET_break (0);
common_free_link_data_list (cls,
ldl);
return NULL;
}
if (ld_buf_size < sizeof (struct GNUNET_CRYPTO_EddsaPrivateKey))
{
PQclear (result);
GNUNET_free (ld_buf);
common_free_link_data_list (cls,
ldl);
return NULL;
}
link_enc = TALER_refresh_link_encrypted_decode (ld_buf,
ld_buf_size);
GNUNET_free (ld_buf);
pos = GNUNET_new (struct TALER_EXCHANGEDB_LinkDataList); pos = GNUNET_new (struct TALER_EXCHANGEDB_LinkDataList);
{
struct GNUNET_PQ_ResultSpec rs[] = {
GNUNET_PQ_result_spec_auto_from_type ("link_vector_enc",
&pos->link_data_enc),
GNUNET_PQ_result_spec_rsa_signature ("ev_sig",
&sig),
GNUNET_PQ_result_spec_rsa_public_key ("denom_pub",
&denom_pub),
GNUNET_PQ_result_spec_end
};
if (GNUNET_OK !=
GNUNET_PQ_extract_result (result, rs, i))
{
PQclear (result);
GNUNET_break (0);
common_free_link_data_list (cls,
ldl);
GNUNET_free (pos);
return NULL;
}
}
pos->next = ldl; pos->next = ldl;
pos->link_data_enc = link_enc;
pos->denom_pub.rsa_public_key = denom_pub; pos->denom_pub.rsa_public_key = denom_pub;
pos->ev_sig.rsa_signature = sig; pos->ev_sig.rsa_signature = sig;
ldl = pos; ldl = pos;

59
src/exchangedb/test_exchangedb.c
View File

@ -301,18 +301,13 @@ static struct TALER_Amount amount_with_fee;
* @return 0 if they are equal * @return 0 if they are equal
*/ */
static int static int
refresh_link_encrypted_cmp (struct TALER_RefreshLinkEncrypted *rl1, refresh_link_encrypted_cmp (struct TALER_RefreshLinkEncryptedP *rl1,
struct TALER_RefreshLinkEncrypted *rl2) struct TALER_RefreshLinkEncryptedP *rl2)
{ {
if ( (rl1->blinding_key_enc_size == rl2->blinding_key_enc_size) && if (0 ==
(0 == memcmp (rl1,
memcmp (rl1->coin_priv_enc, rl2,
rl2->coin_priv_enc, sizeof (struct TALER_RefreshLinkEncryptedP)))
sizeof (struct TALER_CoinSpendPrivateKeyP))) &&
(0 ==
memcmp (rl1->blinding_key_enc,
rl2->blinding_key_enc,
rl1->blinding_key_enc_size)) )
return 0; return 0;
return 1; return 1;
} }
@ -334,8 +329,8 @@ commit_coin_cmp (struct TALER_EXCHANGEDB_RefreshCommitCoin *rc1,
rc2->coin_ev, rc2->coin_ev,
rc2->coin_ev_size)); rc2->coin_ev_size));
FAILIF (0 != FAILIF (0 !=
refresh_link_encrypted_cmp (rc1->refresh_link, refresh_link_encrypted_cmp (&rc1->refresh_link,
rc2->refresh_link)); &rc2->refresh_link));
return 0; return 0;
drop: drop:
return 1; return 1;
@ -370,10 +365,9 @@ test_refresh_commit_coins (struct TALER_EXCHANGEDB_Session *session,
{ {
struct TALER_EXCHANGEDB_RefreshCommitCoin *ret_commit_coins; struct TALER_EXCHANGEDB_RefreshCommitCoin *ret_commit_coins;
struct TALER_EXCHANGEDB_RefreshCommitCoin *a_ccoin; struct TALER_EXCHANGEDB_RefreshCommitCoin *a_ccoin;
struct TALER_RefreshLinkEncrypted *a_rlink; struct TALER_RefreshLinkEncryptedP a_rlink;
struct TALER_EXCHANGEDB_RefreshCommitCoin *b_ccoin; struct TALER_EXCHANGEDB_RefreshCommitCoin *b_ccoin;
struct TALER_RefreshLinkEncrypted *b_rlink; struct TALER_RefreshLinkEncryptedP b_rlink;
size_t size;
unsigned int cnt; unsigned int cnt;
uint16_t cnc_index; uint16_t cnc_index;
int ret; int ret;
@ -389,12 +383,12 @@ test_refresh_commit_coins (struct TALER_EXCHANGEDB_Session *session,
for (cnt=0; cnt < MELT_NEW_COINS; cnt++) for (cnt=0; cnt < MELT_NEW_COINS; cnt++)
{ {
struct TALER_EXCHANGEDB_RefreshCommitCoin *ccoin; struct TALER_EXCHANGEDB_RefreshCommitCoin *ccoin;
struct TALER_RefreshLinkEncrypted *rlink; struct TALER_RefreshLinkEncryptedP rlink;
ccoin = &commit_coins[cnc_index][cnt]; ccoin = &commit_coins[cnc_index][cnt];
size = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
COIN_ENC_MAX_SIZE); &rlink,
rlink = GNUNET_malloc (sizeof (struct TALER_RefreshLinkEncrypted) + size); sizeof (rlink));
ccoin->refresh_link = rlink; ccoin->refresh_link = rlink;
ccoin->coin_ev_size = GNUNET_CRYPTO_random_u64 ccoin->coin_ev_size = GNUNET_CRYPTO_random_u64
(GNUNET_CRYPTO_QUALITY_WEAK, COIN_ENC_MAX_SIZE); (GNUNET_CRYPTO_QUALITY_WEAK, COIN_ENC_MAX_SIZE);
@ -402,12 +396,6 @@ test_refresh_commit_coins (struct TALER_EXCHANGEDB_Session *session,
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
ccoin->coin_ev, ccoin->coin_ev,
ccoin->coin_ev_size); ccoin->coin_ev_size);
rlink->blinding_key_enc_size = size;
RND_BLK (&rlink->coin_priv_enc);
rlink->blinding_key_enc = (const char *) &rlink[1];
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
(void *)rlink->blinding_key_enc,
rlink->blinding_key_enc_size);
} }
FAILIF (GNUNET_OK != FAILIF (GNUNET_OK !=
plugin->insert_refresh_commit_coins (plugin->cls, plugin->insert_refresh_commit_coins (plugin->cls,
@ -436,13 +424,12 @@ test_refresh_commit_coins (struct TALER_EXCHANGEDB_Session *session,
a_ccoin->coin_ev_size)); a_ccoin->coin_ev_size));
a_rlink = a_ccoin->refresh_link; a_rlink = a_ccoin->refresh_link;
b_rlink = b_ccoin->refresh_link; b_rlink = b_ccoin->refresh_link;
FAILIF (a_rlink->blinding_key_enc_size != b_rlink->blinding_key_enc_size); FAILIF (0 != memcmp (a_rlink.blinding_key_enc,
FAILIF (0 != memcmp (a_rlink->blinding_key_enc, b_rlink.blinding_key_enc,
b_rlink->blinding_key_enc, sizeof (a_rlink.blinding_key_enc)));
a_rlink->blinding_key_enc_size)); FAILIF (0 != memcmp (a_rlink.coin_priv_enc,
FAILIF (0 != memcmp (a_rlink->coin_priv_enc, b_rlink.coin_priv_enc,
b_rlink->coin_priv_enc, sizeof (a_rlink.coin_priv_enc)));
sizeof (a_rlink->coin_priv_enc)));
} }
} }
ret = GNUNET_OK; ret = GNUNET_OK;
@ -745,8 +732,8 @@ test_melting (struct TALER_EXCHANGEDB_Session *session)
FAILIF (NULL == ldl); FAILIF (NULL == ldl);
for (ldlp = ldl; NULL != ldlp; ldlp = ldlp->next) for (ldlp = ldl; NULL != ldlp; ldlp = ldlp->next)
{ {
struct TALER_RefreshLinkEncrypted *r1; struct TALER_RefreshLinkEncryptedP r1;
struct TALER_RefreshLinkEncrypted *r2; struct TALER_RefreshLinkEncryptedP r2;
int found; int found;
found = GNUNET_NO; found = GNUNET_NO;
@ -762,7 +749,7 @@ test_melting (struct TALER_EXCHANGEDB_Session *session)
GNUNET_CRYPTO_rsa_signature_cmp (ldlp->ev_sig.rsa_signature, GNUNET_CRYPTO_rsa_signature_cmp (ldlp->ev_sig.rsa_signature,
ev_sigs[cnt].rsa_signature)) && ev_sigs[cnt].rsa_signature)) &&
(0 == (0 ==
refresh_link_encrypted_cmp (r1, r2)) ) refresh_link_encrypted_cmp (&r1, &r2)) )
{ {
found = GNUNET_YES; found = GNUNET_YES;
break; break;

74
src/include/taler_crypto_lib.h
View File

@ -277,20 +277,21 @@ struct TALER_CoinSpendSignatureP
}; };
GNUNET_NETWORK_STRUCT_END
/** /**
* @brief Type of blinding keys for Taler. * @brief Type of blinding keys for Taler.
*/ */
struct TALER_DenominationBlindingKey struct TALER_DenominationBlindingKeyP
{ {
/** /**
* Taler uses RSA for blinding. * Taler uses RSA for blind signatures.
*/ */
struct GNUNET_CRYPTO_RsaBlindingKey *rsa_blinding_key; struct GNUNET_CRYPTO_RsaBlindingKeySecret bks;
}; };
GNUNET_NETWORK_STRUCT_END
/** /**
* @brief Type of (unblinded) coin signatures for Taler. * @brief Type of (unblinded) coin signatures for Taler.
*/ */
@ -412,7 +413,7 @@ struct TALER_EncryptedLinkSecretP
/** /**
* @brief Representation of an refresh link in cleartext. * @brief Representation of an refresh link in cleartext.
*/ */
struct TALER_RefreshLinkDecrypted struct TALER_RefreshLinkDecryptedP
{ {
/** /**
@ -423,7 +424,7 @@ struct TALER_RefreshLinkDecrypted
/** /**
* Blinding key. * Blinding key.
*/ */
struct TALER_DenominationBlindingKey blinding_key; struct TALER_DenominationBlindingKeyP blinding_key;
}; };
@ -483,25 +484,17 @@ struct TALER_WireTransferIdentifierP
}; };
GNUNET_NETWORK_STRUCT_END
/** /**
* @brief Representation of an encrypted refresh link. * @brief Representation of an encrypted refresh link.
*/ */
struct TALER_RefreshLinkEncrypted struct TALER_RefreshLinkEncryptedP
{ {
/** /**
* Encrypted blinding key with @e blinding_key_enc_size bytes, * Encrypted blinding key with @e blinding_key_enc_size bytes,
* must be allocated at the end of this struct. * must be allocated at the end of this struct.
*/ */
const char *blinding_key_enc; char blinding_key_enc[sizeof (struct TALER_DenominationBlindingKeyP)];
/**
* Number of bytes in @e blinding_key_enc.
*/
size_t blinding_key_enc_size;
/** /**
* Encrypted private key of the coin. * Encrypted private key of the coin.
@ -511,6 +504,10 @@ struct TALER_RefreshLinkEncrypted
}; };
GNUNET_NETWORK_STRUCT_END
/** /**
* Decrypt the shared @a secret from the information in the * Decrypt the shared @a secret from the information in the
* encrypted link secret @e secret_enc using the transfer * encrypted link secret @e secret_enc using the transfer
@ -618,11 +615,12 @@ TALER_transfer_encrypt (const struct TALER_LinkSecretP *secret,
* *
* @param input encrypted refresh link data * @param input encrypted refresh link data
* @param secret shared secret to use for decryption * @param secret shared secret to use for decryption
* @return NULL on error * @param[out] output where to write decrypted refresh link
*/ */
struct TALER_RefreshLinkDecrypted * void
TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, TALER_refresh_decrypt (const struct TALER_RefreshLinkEncryptedP *input,
const struct TALER_LinkSecretP *secret); const struct TALER_LinkSecretP *secret,
struct TALER_RefreshLinkDecryptedP *output);
/** /**
@ -630,36 +628,12 @@ TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
* *
* @param input plaintext refresh link data * @param input plaintext refresh link data
* @param secret shared secret to use for encryption * @param secret shared secret to use for encryption
* @return NULL on error (should never happen) * @param[out] output where to write encrypted refresh link
*/ */
struct TALER_RefreshLinkEncrypted * void
TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input, TALER_refresh_encrypt (const struct TALER_RefreshLinkDecryptedP *input,
const struct TALER_LinkSecretP *secret); const struct TALER_LinkSecretP *secret,
struct TALER_RefreshLinkEncryptedP *output);
/**
* Decode encrypted refresh link information from buffer.
*
* @param buf buffer with refresh link data
* @param buf_len number of bytes in @a buf
* @return NULL on error (@a buf_len too small)
*/
struct TALER_RefreshLinkEncrypted *
TALER_refresh_link_encrypted_decode (const char *buf,
size_t buf_len);
/**
* Encode encrypted refresh link information to buffer.
*
* @param rle refresh link to encode
* @param[out] buf_len set number of bytes returned
* @return NULL on error, otherwise buffer with encoded @a rle
*/
char *
TALER_refresh_link_encrypted_encode (const struct TALER_RefreshLinkEncrypted *rle,
size_t *buf_len);
#endif #endif

2
src/include/taler_exchange_service.h
View File

@ -725,7 +725,7 @@ TALER_EXCHANGE_reserve_withdraw (struct TALER_EXCHANGE_Handle *exchange,
const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_EXCHANGE_DenomPublicKey *pk,
const struct TALER_ReservePrivateKeyP *reserve_priv, const struct TALER_ReservePrivateKeyP *reserve_priv,
const struct TALER_CoinSpendPrivateKeyP *coin_priv, const struct TALER_CoinSpendPrivateKeyP *coin_priv,
const struct TALER_DenominationBlindingKey *blinding_key, const struct TALER_DenominationBlindingKeyP *blinding_key,
TALER_EXCHANGE_ReserveWithdrawResultCallback res_cb, TALER_EXCHANGE_ReserveWithdrawResultCallback res_cb,
void *res_cb_cls); void *res_cb_cls);

4
src/include/taler_exchangedb_plugin.h
View File

@ -442,7 +442,7 @@ struct TALER_EXCHANGEDB_RefreshCommitCoin
* Encrypted data allowing those able to decrypt it to derive * Encrypted data allowing those able to decrypt it to derive
* the private keys of the new coins created by the refresh. * the private keys of the new coins created by the refresh.
*/ */
struct TALER_RefreshLinkEncrypted *refresh_link; struct TALER_RefreshLinkEncryptedP refresh_link;
/** /**
* Blinded message to be signed (in envelope), with @e coin_env_size bytes. * Blinded message to be signed (in envelope), with @e coin_env_size bytes.
@ -471,7 +471,7 @@ struct TALER_EXCHANGEDB_LinkDataList
* Link data, used to recover the private key of the coin * Link data, used to recover the private key of the coin
* by the owner of the old coin. * by the owner of the old coin.
*/ */
struct TALER_RefreshLinkEncrypted *link_data_enc; struct TALER_RefreshLinkEncryptedP link_data_enc;
/** /**
* Denomination public key, determines the value of the coin. * Denomination public key, determines the value of the coin.

149
src/util/crypto.c
View File

@ -227,41 +227,25 @@ TALER_transfer_encrypt (const struct TALER_LinkSecretP *secret,
* *
* @param input encrypted refresh link data * @param input encrypted refresh link data
* @param secret shared secret to use for decryption * @param secret shared secret to use for decryption
* @return NULL on error * @param[out] output where to write decrypted data
*/ */
struct TALER_RefreshLinkDecrypted * void
TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, TALER_refresh_decrypt (const struct TALER_RefreshLinkEncryptedP *input,
const struct TALER_LinkSecretP *secret) const struct TALER_LinkSecretP *secret,
struct TALER_RefreshLinkDecryptedP *output)
{ {
struct TALER_RefreshLinkDecrypted *ret;
struct GNUNET_CRYPTO_SymmetricInitializationVector iv; struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
struct GNUNET_CRYPTO_SymmetricSessionKey skey; struct GNUNET_CRYPTO_SymmetricSessionKey skey;
size_t buf_size = input->blinding_key_enc_size
+ sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey);
char buf[buf_size];
GNUNET_assert (input->blinding_key_enc == (const char *) &input[1]);
derive_refresh_key (secret, &iv, &skey); derive_refresh_key (secret, &iv, &skey);
if (buf_size != GNUNET_assert (sizeof (struct TALER_RefreshLinkEncryptedP) ==
GNUNET_CRYPTO_symmetric_decrypt (input->coin_priv_enc, sizeof (struct TALER_RefreshLinkDecryptedP));
buf_size, GNUNET_assert (sizeof (struct TALER_RefreshLinkEncryptedP) ==
&skey, GNUNET_CRYPTO_symmetric_decrypt (input,
&iv, sizeof (struct TALER_RefreshLinkEncryptedP),
buf)) &skey,
return NULL; &iv,
ret = GNUNET_new (struct TALER_RefreshLinkDecrypted); output));
memcpy (&ret->coin_priv,
buf,
sizeof (struct TALER_CoinSpendPrivateKeyP));
ret->blinding_key.rsa_blinding_key
= GNUNET_CRYPTO_rsa_blinding_key_decode (&buf[sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)],
input->blinding_key_enc_size);
if (NULL == ret->blinding_key.rsa_blinding_key)
{
GNUNET_free (ret);
return NULL;
}
return ret;
} }
@ -270,106 +254,25 @@ TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
* *
* @param input plaintext refresh link data * @param input plaintext refresh link data
* @param secret shared secret to use for encryption * @param secret shared secret to use for encryption
* @return NULL on error (should never happen) * @param[out] output where to write encrypted link data
*/ */
struct TALER_RefreshLinkEncrypted * void
TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input, TALER_refresh_encrypt (const struct TALER_RefreshLinkDecryptedP *input,
const struct TALER_LinkSecretP *secret) const struct TALER_LinkSecretP *secret,
struct TALER_RefreshLinkEncryptedP *output)
{ {
char *b_buf;
size_t b_buf_size;
struct GNUNET_CRYPTO_SymmetricInitializationVector iv; struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
struct GNUNET_CRYPTO_SymmetricSessionKey skey; struct GNUNET_CRYPTO_SymmetricSessionKey skey;
struct TALER_RefreshLinkEncrypted *ret;
derive_refresh_key (secret, &iv, &skey); derive_refresh_key (secret, &iv, &skey);
b_buf_size = GNUNET_CRYPTO_rsa_blinding_key_encode (input->blinding_key.rsa_blinding_key, GNUNET_assert (sizeof (struct TALER_RefreshLinkEncryptedP) ==
&b_buf); sizeof (struct TALER_RefreshLinkDecryptedP));
ret = GNUNET_malloc (sizeof (struct TALER_RefreshLinkEncrypted) + GNUNET_assert (sizeof (struct TALER_RefreshLinkEncryptedP) ==
b_buf_size); GNUNET_CRYPTO_symmetric_encrypt (input,
ret->blinding_key_enc = (const char *) &ret[1]; sizeof (struct TALER_RefreshLinkDecryptedP),
ret->blinding_key_enc_size = b_buf_size; &skey,
{ &iv,
size_t buf_size = b_buf_size + sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey); output));
char buf[buf_size];
memcpy (buf,
&input->coin_priv,
sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey));
memcpy (&buf[sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey)],
b_buf,
b_buf_size);
if (buf_size !=
GNUNET_CRYPTO_symmetric_encrypt (buf,
buf_size,
&skey,
&iv,
ret->coin_priv_enc))
{
GNUNET_free (ret);
return NULL;
}
}
return ret;
}
/**
* Decode encrypted refresh link information from buffer.
*
* @param buf buffer with refresh link data
* @param buf_len number of bytes in @a buf
* @return NULL on error (@a buf_len too small)
*/
struct TALER_RefreshLinkEncrypted *
TALER_refresh_link_encrypted_decode (const char *buf,
size_t buf_len)
{
struct TALER_RefreshLinkEncrypted *rle;
if (buf_len < sizeof (struct TALER_CoinSpendPrivateKeyP))
return NULL;
if (buf_len >= GNUNET_MAX_MALLOC_CHECKED)
{
GNUNET_break (0);
return NULL;
}
rle = GNUNET_malloc (sizeof (struct TALER_RefreshLinkEncrypted) +
buf_len - sizeof (struct TALER_CoinSpendPrivateKeyP));
rle->blinding_key_enc = (const char *) &rle[1];
rle->blinding_key_enc_size = buf_len - sizeof (struct TALER_CoinSpendPrivateKeyP);
memcpy (rle->coin_priv_enc,
buf,
buf_len);
return rle;
}
/**
* Encode encrypted refresh link information to buffer.
*
* @param rle refresh link to encode
* @param[out] buf_len set number of bytes returned
* @return NULL on error, otherwise buffer with encoded @a rle
*/
char *
TALER_refresh_link_encrypted_encode (const struct TALER_RefreshLinkEncrypted *rle,
size_t *buf_len)
{
char *buf;
if (rle->blinding_key_enc_size >= GNUNET_MAX_MALLOC_CHECKED - sizeof (struct TALER_CoinSpendPrivateKeyP))
{
GNUNET_break (0);
return NULL;
}
*buf_len = sizeof (struct TALER_CoinSpendPrivateKeyP) + rle->blinding_key_enc_size;
buf = GNUNET_malloc (*buf_len);
memcpy (buf,
rle->coin_priv_enc,
*buf_len);
return buf;
} }

67
src/util/test_crypto.c
View File

@ -36,9 +36,9 @@ test_basics ()
struct TALER_TransferSecretP trans_sec; struct TALER_TransferSecretP trans_sec;
struct TALER_LinkSecretP secret; struct TALER_LinkSecretP secret;
struct TALER_LinkSecretP secret2; struct TALER_LinkSecretP secret2;
struct TALER_RefreshLinkEncrypted *rl_enc; struct TALER_RefreshLinkEncryptedP rl_enc;
struct TALER_RefreshLinkDecrypted rl; struct TALER_RefreshLinkDecryptedP rl;
struct TALER_RefreshLinkDecrypted *rld; struct TALER_RefreshLinkDecryptedP rld;
GNUNET_log_setup ("test-crypto", GNUNET_log_setup ("test-crypto",
"WARNING", "WARNING",
@ -47,11 +47,11 @@ test_basics ()
&secret, &secret,
sizeof (secret)); sizeof (secret));
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&rl.coin_priv, &rl,
sizeof (rl.coin_priv)); sizeof (rl));
rl.blinding_key.rsa_blinding_key = GNUNET_CRYPTO_rsa_blinding_key_create (1024); TALER_refresh_encrypt (&rl,
rl_enc = TALER_refresh_encrypt (&rl, &secret,
&secret); &rl_enc);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&trans_sec, &trans_sec,
sizeof (trans_sec)); sizeof (trans_sec));
@ -66,49 +66,12 @@ test_basics ()
GNUNET_assert (0 == memcmp (&secret, GNUNET_assert (0 == memcmp (&secret,
&secret2, &secret2,
sizeof (secret))); sizeof (secret)));
rld = TALER_refresh_decrypt (rl_enc, TALER_refresh_decrypt (&rl_enc,
&secret2); &secret2,
GNUNET_assert (NULL != rld); &rld);
GNUNET_assert (0 == memcmp (&rld->coin_priv, GNUNET_assert (0 == memcmp (&rld,
&rl.coin_priv, &rl,
sizeof (struct TALER_CoinSpendPrivateKeyP))); sizeof (struct TALER_RefreshLinkDecryptedP)));
GNUNET_assert (0 ==
GNUNET_CRYPTO_rsa_blinding_key_cmp (rl.blinding_key.rsa_blinding_key,
rld->blinding_key.rsa_blinding_key));
GNUNET_CRYPTO_rsa_blinding_key_free (rld->blinding_key.rsa_blinding_key);
GNUNET_free (rld);
GNUNET_CRYPTO_rsa_blinding_key_free (rl.blinding_key.rsa_blinding_key);
return 0;
}
/**
* Test #TALER_refresh_link_encrypted_decode().
*
* @return 0 on success
*/
static int
test_rled ()
{
struct TALER_RefreshLinkEncrypted *rle;
char buf[512];
char *buf2;
size_t buf_len = sizeof (buf);
memset (buf, 42, sizeof (buf));
rle = TALER_refresh_link_encrypted_decode (buf,
buf_len);
GNUNET_assert (NULL != rle);
buf_len = 42;
buf2 = TALER_refresh_link_encrypted_encode (rle,
&buf_len);
GNUNET_assert (NULL != buf2);
GNUNET_assert (buf_len == sizeof (buf));
GNUNET_assert (0 == memcmp (buf,
buf2,
buf_len));
GNUNET_free (rle);
GNUNET_free (buf2);
return 0; return 0;
} }
@ -172,8 +135,6 @@ main(int argc,
{ {
if (0 != test_basics ()) if (0 != test_basics ())
return 1; return 1;
if (0 != test_rled ())
return 1;
if (0 != test_high_level ()) if (0 != test_high_level ())
return 1; return 1;
return 0; return 0;