diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 2e0674fb1..8e5df1fca 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -759,18 +759,12 @@ struct TALER_BlindedRsaPlanchet */ struct TALER_BlindedCsPlanchet { - /** - * Withdraw or refresh nonce used for derivation - */ - struct GNUNET_CRYPTO_CsNonce nonce; - /** * The Clause Schnorr c_0 and c_1 containing the blinded message */ struct GNUNET_CRYPTO_CsC c[2]; }; - /** * @brief Type including Parameters to create blinded signature * @@ -800,6 +794,21 @@ struct TALER_BlindedPlanchet } details; }; +struct TALER_WithdrawNonce +{ + /** + * 32 bit nonce to include in withdrawals + */ + struct GNUNET_CRYPTO_CsNonce nonce; +}; + +struct TALER_RefreshNonce +{ + /** + * 32 bit nonce to include in withdrawals + */ + struct GNUNET_CRYPTO_CsNonce nonce; +}; /** * @brief RSA Parameters to create blinded messages @@ -868,6 +877,11 @@ struct TALER_PlanchetDeriveCsBlindingSecrets * size of the secret to derive blinding secrets from */ size_t secret_len; + + /** + * public R_0 and R_1 are hashed too + */ + struct GNUNET_CRYPTO_CsRPublic r_pub[2]; }; /** @@ -938,6 +952,16 @@ struct TALER_TrackTransferDetails void TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); +/** + * @brief Method to generate withdraw nonce + * + * @param coin_priv private key of the coin + * @param nonce withdraw nonce included in the request to generate R_0 and R_1 + */ +void +TALER_cs_withdraw_nonce_derive (const struct + TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_WithdrawNonce *nonce); /** * Create a blinding secret @a bs for @a cipher. @@ -1397,8 +1421,7 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed, */ void TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps, - enum TALER_DenominationCipher cipher, - ...); + enum TALER_DenominationCipher cipher); /** 
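Review bot: The field comments on the new `struct TALER_WithdrawNonce` and `struct TALER_RefreshNonce` both say `32 bit nonce to include in withdrawals`, which looks wrong on two counts. The member is a `struct GNUNET_CRYPTO_CsNonce`, which to my knowledge is 32 bytes in GNUnet, not 32 bits; please confirm against the GNUnet header and write `32 byte nonce`. The refresh struct's comment is a copy of the withdraw one and should read something like `32 byte nonce to include in refreshes`. Both structs also lack the `@brief` block that the neighbouring types carry, so nothing says which protocol step each nonce belongs to or that the two must not be interchanged. In the prototype hunk further down, `@param nonce` describes an output buffer and would be clearer as `@param[out] nonce`.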
diff --git a/src/util/crypto.c b/src/util/crypto.c index a8413e0f5..40c69b54a 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c @@ -167,10 +167,53 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed, void -blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs, - enum TALER_DenominationCipher cipher, - va_list ap) +cs_blinding_seed_derive (const void *secret, + size_t secret_len, + const struct GNUNET_CRYPTO_CsRPublic r_pub[2], + struct GNUNET_CRYPTO_CsNonce *blind_seed) { + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_hkdf (blind_seed, + sizeof (*blind_seed), + GCRY_MD_SHA512, + GCRY_MD_SHA256, + "bseed", + strlen ("bseed"), + secret, + secret_len, + r_pub, + sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2, + NULL, + 0)); +} + + +void +TALER_cs_withdraw_nonce_derive (const struct + TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_WithdrawNonce *nonce) +{ + GNUNET_assert (GNUNET_YES == + GNUNET_CRYPTO_hkdf (nonce, + sizeof (*nonce), + GCRY_MD_SHA512, + GCRY_MD_SHA256, + "n", + strlen ("n"), + coin_priv, + sizeof(*coin_priv), + NULL, + 0)); +} + + +void +TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs, + enum TALER_DenominationCipher cipher, + ...) +{ + va_list ap; + va_start (ap, cipher); switch (cipher) { case TALER_DENOMINATION_INVALID: 
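Review bot: `TALER_cs_withdraw_nonce_derive` gives the derivation very little domain separation: the only label passed to `GNUNET_CRYPTO_hkdf` is the single byte `"n"`, and the only keying input is `coin_priv`. The header in this commit already introduces a separate `TALER_RefreshNonce`, so any later derivation from the same key needs a label that cannot collide with this one. A descriptive, purpose-specific string (for example `"cs-withdraw-nonce"`, a constructed name) would make that explicit. Add a doc comment stating that the nonce is a deterministic function of the coin private key, so the same key always yields the same withdraw nonce. Separately, `cs_blinding_seed_derive` has external linkage but no prototype in the header hunks shown; it should be `static void cs_blinding_seed_derive (...)`. The body of `TALER_blinding_secret_create` continues past the end of this hunk.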
@@ -184,51 +227,50 @@ blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs, return; case TALER_DENOMINATION_CS: { - // TODO: nonce teil ist noch falsch. da kommt bs[2] zurück, was wir nicht speichern wollen! - struct TALER_PlanchetDeriveCsBlindingSecrets*seed; - - seed = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *); - - // GNUNET_CRYPTO_cs_blinding_secrets_derive(&seed->secret, - // seed->secret_len, - // &bs->nonce); + struct TALER_PlanchetDeriveCsBlindingSecrets *params; + params = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *); + cs_blinding_seed_derive (params->secret, + params->secret_len, + params->r_pub, + &bs->nonce); return; } - default: GNUNET_break (0); } - - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, - bs, - sizeof (*bs)); -} - - -void -TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs, - enum TALER_DenominationCipher cipher, - ...) -{ - va_list ap; - va_start (ap, cipher); - blinding_secret_create_va (bs, cipher, ap); va_end (ap); } +/** + * @brief setup a random planchet + * In Case of RSA planchet, the bks gets set + * In Case of Schnorr this will be set in future + */ void TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps, - enum TALER_DenominationCipher cipher, - ...) + enum TALER_DenominationCipher cipher) { GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, &ps->coin_priv, sizeof (struct TALER_CoinSpendPrivateKeyP)); - va_list ap; - va_start (ap, cipher); - blinding_secret_create_va (&ps->blinding_key, cipher, ap); - va_end (ap); + switch (cipher) + { + case TALER_DENOMINATION_INVALID: + GNUNET_break (0); + return; + case TALER_DENOMINATION_RSA: + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &ps->blinding_key.rsa_bks, + sizeof (struct + GNUNET_CRYPTO_RsaBlindingKeySecret)); + return; + case TALER_DENOMINATION_CS: + // Will be set in a later stage for Clause Blind Schnorr Scheme + return; + default: + GNUNET_break (0); + } } 
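Review bot: In `TALER_blinding_secret_create` the `TALER_DENOMINATION_CS` case leaves with `return;`, as does the case visible just above it, so the `va_end (ap);` after the switch is reached only via `default`. Returning from a function after `va_start` without `va_end` is undefined behaviour; change these to `break;` so every path reaches `va_end (ap);`. The function begins in the previous hunk, so the remaining cases should be checked the same way. In `TALER_planchet_setup_random`, the CS case returns with `ps->blinding_key` untouched, and the test passes a stack-allocated `ps`, so the key field holds indeterminate bytes until the later stage fills it. Adding `memset (&ps->blinding_key, 0, sizeof (ps->blinding_key));` in that case would keep stale stack contents from being used or serialised as a blinding secret.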
diff --git a/src/util/denom.c b/src/util/denom.c index bcfa3efab..6ff92e894 100644 --- a/src/util/denom.c +++ b/src/util/denom.c @@ -199,7 +199,10 @@ TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub, GNUNET_free (buf); } break; - // TODO: add case for Clause-Schnorr + case TALER_DENOMINATION_CS: + GNUNET_CRYPTO_hash_context_read (hc, + &denom_pub->details.cs_public_key, + sizeof(denom_pub->details.cs_public_key)); default: GNUNET_assert (0); } @@ -237,11 +240,6 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk, struct TALER_CoinPubHash *c_hash, struct TALER_BlindedPlanchet *blinded_planchet) { - // if (dk->cipher != blinded_planchet->cipher) - // { - // GNUNET_break (0); - // return GNUNET_SYSERR; - // } blinded_planchet->cipher = dk->cipher; TALER_coin_pub_hash (coin_pub, age_commitment_hash, diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c index 12f9e64c0..a91536bf7 100644 --- a/src/util/test_crypto.c +++ b/src/util/test_crypto.c @@ -141,13 +141,14 @@ test_planchets_rsa (void) static int test_planchets_cs (void) { - // struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetSecretsP ps; struct TALER_DenominationPrivateKey dk_priv; struct TALER_DenominationPublicKey dk_pub; - // struct TALER_PlanchetDetail pd; + struct TALER_PlanchetDetail pd; + struct TALER_CoinPubHash c_hash; + struct TALER_WithdrawNonce nonce; // struct TALER_BlindedDenominationSignature blind_sig; // struct TALER_FreshCoin coin; - // struct TALER_CoinPubHash c_hash; // struct TALER_PlanchetDeriveCsBlindingSecrets seed; GNUNET_assert (GNUNET_OK == 
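Review bot: The new `case TALER_DENOMINATION_CS:` in `TALER_denom_pub_hash` has no `break;` after `GNUNET_CRYPTO_hash_context_read (...)`, so control falls through into `default: GNUNET_assert (0);`. Hashing any Clause-Schnorr denomination key would therefore abort the process instead of returning the hash. Add `break;` after the read, as the RSA case above it does. The switch and the rest of the function lie outside this hunk, so it is worth confirming the hash context is still finished on the CS path once the break is in place.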
@@ -158,8 +159,12 @@ test_planchets_cs (void) // seed.secret = "test secret"; // seed.secret_len = strlen ("test secret"); - // TODO: Probably need to adjust GNUNET CS implementation for the CSNonce creation and afterwards adjust the derive function - // TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS, &seed); + TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS); + TALER_cs_withdraw_nonce_derive (&ps.coin_priv, &nonce); + + // NEXT: Implement to create withdraw nonce + // Implement to get R_0 and R_1 + // Implement to genrate b-seed from it and calculate c then§ // GNUNET_assert (GNUNET_OK == // TALER_planchet_prepare (&dk_pub,