CS planchet create and withdraw create

Gian Demarmels 2021-12-22 11:45:22 +01:00
parent f3fb7c29e6
commit 385eb51e93
No known key found for this signature in database
GPG Key ID: 030CEDDCCC92D778
4 changed files with 120 additions and 52 deletions


@ -759,18 +759,12 @@ struct TALER_BlindedRsaPlanchet
*/
struct TALER_BlindedCsPlanchet
{
/**
* Withdraw or refresh nonce used for derivation
*/
struct GNUNET_CRYPTO_CsNonce nonce;
/**
* The Clause Schnorr c_0 and c_1 containing the blinded message
*/
struct GNUNET_CRYPTO_CsC c[2];
};
/**
* @brief Type including Parameters to create blinded signature
*
@ -800,6 +794,21 @@ struct TALER_BlindedPlanchet
} details;
};
struct TALER_WithdrawNonce
{
/**
* 32 bit nonce to include in withdrawals
*/
struct GNUNET_CRYPTO_CsNonce nonce;
};
struct TALER_RefreshNonce
{
/**
* 32 bit nonce to include in withdrawals
*/
struct GNUNET_CRYPTO_CsNonce nonce;
};
/**
* @brief RSA Parameters to create blinded messages
@ -868,6 +877,11 @@ struct TALER_PlanchetDeriveCsBlindingSecrets
* size of the secret to derive blinding secrets from
*/
size_t secret_len;
/**
* public R_0 and R_1 are hashed too
*/
struct GNUNET_CRYPTO_CsRPublic r_pub[2];
};
/**
@ -938,6 +952,16 @@ struct TALER_TrackTransferDetails
void
TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
/**
* @brief Method to generate withdraw nonce
*
* @param coin_priv private key of the coin
* @param nonce withdraw nonce included in the request to generate R_0 and R_1
*/
void
TALER_cs_withdraw_nonce_derive (const struct
TALER_CoinSpendPrivateKeyP *coin_priv,
struct TALER_WithdrawNonce *nonce);
/**
* Create a blinding secret @a bs for @a cipher.
@ -1397,8 +1421,7 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
*/
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
enum TALER_DenominationCipher cipher,
...);
enum TALER_DenominationCipher cipher);
/**
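Review bot: The field comments on the two new nonce structs do not match the code: both read `32 bit nonce to include in withdrawals`, although `TALER_RefreshNonce` is by its name meant for refresh, and the field is a `struct GNUNET_CRYPTO_CsNonce`, whose size is not shown on this page and is presumably 32 bytes rather than 32 bits. I would give each struct its own `@brief` line and change the field comments to `Nonce sent in a CS withdraw request` and `Nonce sent in a CS refresh request`, stating a size only after checking it against the GNUnet definition. The comment on `TALER_cs_withdraw_nonce_derive` should mark `nonce` as `@param[out]` and say that the value is derived from `coin_priv` alone, as the implementation in this commit does, so callers know that the same coin key always yields the same nonce.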


@ -167,10 +167,53 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
void
blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs,
enum TALER_DenominationCipher cipher,
va_list ap)
cs_blinding_seed_derive (const void *secret,
size_t secret_len,
const struct GNUNET_CRYPTO_CsRPublic r_pub[2],
struct GNUNET_CRYPTO_CsNonce *blind_seed)
{
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_hkdf (blind_seed,
sizeof (*blind_seed),
GCRY_MD_SHA512,
GCRY_MD_SHA256,
"bseed",
strlen ("bseed"),
secret,
secret_len,
r_pub,
sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2,
NULL,
0));
}
void
TALER_cs_withdraw_nonce_derive (const struct
TALER_CoinSpendPrivateKeyP *coin_priv,
struct TALER_WithdrawNonce *nonce)
{
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_hkdf (nonce,
sizeof (*nonce),
GCRY_MD_SHA512,
GCRY_MD_SHA256,
"n",
strlen ("n"),
coin_priv,
sizeof(*coin_priv),
NULL,
0));
}
void
TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
enum TALER_DenominationCipher cipher,
...)
{
va_list ap;
va_start (ap, cipher);
switch (cipher)
{
case TALER_DENOMINATION_INVALID:
@ -184,51 +227,50 @@ blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs,
return;
case TALER_DENOMINATION_CS:
{
// TODO: nonce teil ist noch falsch. da kommt bs[2] zurück, was wir nicht speichern wollen!
struct TALER_PlanchetDeriveCsBlindingSecrets*seed;
seed = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
// GNUNET_CRYPTO_cs_blinding_secrets_derive(&seed->secret,
// seed->secret_len,
// &bs->nonce);
struct TALER_PlanchetDeriveCsBlindingSecrets *params;
params = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
cs_blinding_seed_derive (params->secret,
params->secret_len,
params->r_pub,
&bs->nonce);
return;
}
default:
GNUNET_break (0);
}
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
bs,
sizeof (*bs));
}
void
TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
enum TALER_DenominationCipher cipher,
...)
{
va_list ap;
va_start (ap, cipher);
blinding_secret_create_va (bs, cipher, ap);
va_end (ap);
}
/**
* @brief setup a random planchet
* In Case of RSA planchet, the bks gets set
* In Case of Schnorr this will be set in future
*/
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
enum TALER_DenominationCipher cipher,
...)
enum TALER_DenominationCipher cipher)
{
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps->coin_priv,
sizeof (struct TALER_CoinSpendPrivateKeyP));
va_list ap;
va_start (ap, cipher);
blinding_secret_create_va (&ps->blinding_key, cipher, ap);
va_end (ap);
switch (cipher)
{
case TALER_DENOMINATION_INVALID:
GNUNET_break (0);
return;
case TALER_DENOMINATION_RSA:
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps->blinding_key.rsa_bks,
sizeof (struct
GNUNET_CRYPTO_RsaBlindingKeySecret));
return;
case TALER_DENOMINATION_CS:
// Will be set in a later stage for Clause Blind Schnorr Scheme
return;
default:
GNUNET_break (0);
}
}
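Review bot: `TALER_blinding_secret_create` now calls `va_start (ap, cipher)` itself, but the `return;` statements inside the switch (the one just before the CS case and the one after `cs_blinding_seed_derive`) leave the function with no `va_end (ap)` visible on any path. Returning from the function that called `va_start` without a matching `va_end` is undefined behaviour; either put `va_end (ap);` before each `return;`, or turn the returns into `break;` and place a single `va_end (ap);` after the switch. Part of the switch lies between the two hunks, so the RSA case needs the same check. Separately, `TALER_planchet_setup_random` returns for `TALER_DENOMINATION_CS` without writing `ps->blinding_key`, so its doc comment should say so explicitly, for example `For CS, ps->blinding_key is left unset and must not be read until it has been derived`.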


@ -199,7 +199,10 @@ TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub,
GNUNET_free (buf);
}
break;
// TODO: add case for Clause-Schnorr
case TALER_DENOMINATION_CS:
GNUNET_CRYPTO_hash_context_read (hc,
&denom_pub->details.cs_public_key,
sizeof(denom_pub->details.cs_public_key));
default:
GNUNET_assert (0);
}
@ -237,11 +240,6 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
struct TALER_CoinPubHash *c_hash,
struct TALER_BlindedPlanchet *blinded_planchet)
{
// if (dk->cipher != blinded_planchet->cipher)
// {
// GNUNET_break (0);
// return GNUNET_SYSERR;
// }
blinded_planchet->cipher = dk->cipher;
TALER_coin_pub_hash (coin_pub,
age_commitment_hash,
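Review bot: The new `case TALER_DENOMINATION_CS:` in `TALER_denom_pub_hash` has no `break;` after the `GNUNET_CRYPTO_hash_context_read` call, so control falls through into `default:` and reaches `GNUNET_assert (0)`. As written, hashing a CS denomination public key would abort the process instead of returning a hash. Add `break;` directly after the `sizeof(denom_pub->details.cs_public_key));` line. The function starts and ends outside the hunk, so the rest of the switch could not be checked.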


@ -141,13 +141,14 @@ test_planchets_rsa (void)
static int
test_planchets_cs (void)
{
// struct TALER_PlanchetSecretsP ps;
struct TALER_PlanchetSecretsP ps;
struct TALER_DenominationPrivateKey dk_priv;
struct TALER_DenominationPublicKey dk_pub;
// struct TALER_PlanchetDetail pd;
struct TALER_PlanchetDetail pd;
struct TALER_CoinPubHash c_hash;
struct TALER_WithdrawNonce nonce;
// struct TALER_BlindedDenominationSignature blind_sig;
// struct TALER_FreshCoin coin;
// struct TALER_CoinPubHash c_hash;
// struct TALER_PlanchetDeriveCsBlindingSecrets seed;
GNUNET_assert (GNUNET_OK ==
@ -158,8 +159,12 @@ test_planchets_cs (void)
// seed.secret = "test secret";
// seed.secret_len = strlen ("test secret");
// TODO: Probably need to adjust GNUNET CS implementation for the CSNonce creation and afterwards adjust the derive function
// TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS, &seed);
TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS);
TALER_cs_withdraw_nonce_derive (&ps.coin_priv, &nonce);
// NEXT: Implement to create withdraw nonce
// Implement to get R_0 and R_1
// Implement to genrate b-seed from it and calculate c then§
// GNUNET_assert (GNUNET_OK ==
// TALER_planchet_prepare (&dk_pub,