taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

CS planchet create and withdraw create

Browse Source
This commit is contained in:
Gian Demarmels 2021-12-22 11:45:22 +01:00
parent f3fb7c29e6
commit 385eb51e93
No known key found for this signature in database
GPG Key ID: 030CEDDCCC92D778
4 changed files with 120 additions and 52 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/include/taler_crypto_lib.h
View File

@ -759,18 +759,12 @@ struct TALER_BlindedRsaPlanchet
*/ */
struct TALER_BlindedCsPlanchet struct TALER_BlindedCsPlanchet
{ {
/**
* Withdraw or refresh nonce used for derivation
*/
struct GNUNET_CRYPTO_CsNonce nonce;
/** /**
* The Clause Schnorr c_0 and c_1 containing the blinded message * The Clause Schnorr c_0 and c_1 containing the blinded message
*/ */
struct GNUNET_CRYPTO_CsC c[2]; struct GNUNET_CRYPTO_CsC c[2];
}; };
/** /**
* @brief Type including Parameters to create blinded signature * @brief Type including Parameters to create blinded signature
* *
@ -800,6 +794,21 @@ struct TALER_BlindedPlanchet
} details; } details;
}; };
struct TALER_WithdrawNonce
{
/**
* 32 bit nonce to include in withdrawals
*/
struct GNUNET_CRYPTO_CsNonce nonce;
};
struct TALER_RefreshNonce
{
/**
* 32 bit nonce to include in withdrawals
*/
struct GNUNET_CRYPTO_CsNonce nonce;
};
/** /**
* @brief RSA Parameters to create blinded messages * @brief RSA Parameters to create blinded messages
@ -868,6 +877,11 @@ struct TALER_PlanchetDeriveCsBlindingSecrets
* size of the secret to derive blinding secrets from * size of the secret to derive blinding secrets from
*/ */
size_t secret_len; size_t secret_len;
/**
* public R_0 and R_1 are hashed too
*/
struct GNUNET_CRYPTO_CsRPublic r_pub[2];
}; };
/** /**
@ -938,6 +952,16 @@ struct TALER_TrackTransferDetails
void void
TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
/**
* @brief Method to generate withdraw nonce
*
* @param coin_priv private key of the coin
* @param nonce withdraw nonce included in the request to generate R_0 and R_1
*/
void
TALER_cs_withdraw_nonce_derive (const struct
TALER_CoinSpendPrivateKeyP *coin_priv,
struct TALER_WithdrawNonce *nonce);
/** /**
* Create a blinding secret @a bs for @a cipher. * Create a blinding secret @a bs for @a cipher.
@ -1397,8 +1421,7 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
*/ */
void void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps, TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
enum TALER_DenominationCipher cipher, enum TALER_DenominationCipher cipher);
...);
/** /**

108
src/util/crypto.c
View File

@ -167,10 +167,53 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
void void
blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs, cs_blinding_seed_derive (const void *secret,
enum TALER_DenominationCipher cipher, size_t secret_len,
va_list ap) const struct GNUNET_CRYPTO_CsRPublic r_pub[2],
struct GNUNET_CRYPTO_CsNonce *blind_seed)
{ {
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_hkdf (blind_seed,
sizeof (*blind_seed),
GCRY_MD_SHA512,
GCRY_MD_SHA256,
"bseed",
strlen ("bseed"),
secret,
secret_len,
r_pub,
sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2,
NULL,
0));
}
void
TALER_cs_withdraw_nonce_derive (const struct
TALER_CoinSpendPrivateKeyP *coin_priv,
struct TALER_WithdrawNonce *nonce)
{
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_hkdf (nonce,
sizeof (*nonce),
GCRY_MD_SHA512,
GCRY_MD_SHA256,
"n",
strlen ("n"),
coin_priv,
sizeof(*coin_priv),
NULL,
0));
}
void
TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
enum TALER_DenominationCipher cipher,
...)
{
va_list ap;
va_start (ap, cipher);
switch (cipher) switch (cipher)
{ {
case TALER_DENOMINATION_INVALID: case TALER_DENOMINATION_INVALID:
@ -184,51 +227,50 @@ blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs,
return; return;
case TALER_DENOMINATION_CS: case TALER_DENOMINATION_CS:
{ {
// TODO: nonce teil ist noch falsch. da kommt bs[2] zurück, was wir nicht speichern wollen! struct TALER_PlanchetDeriveCsBlindingSecrets *params;
struct TALER_PlanchetDeriveCsBlindingSecrets*seed; params = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
cs_blinding_seed_derive (params->secret,
seed = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *); params->secret_len,
params->r_pub,
// GNUNET_CRYPTO_cs_blinding_secrets_derive(&seed->secret, &bs->nonce);
// seed->secret_len,
// &bs->nonce);
return; return;
} }
default: default:
GNUNET_break (0); GNUNET_break (0);
} }
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
bs,
sizeof (*bs));
}
void
TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
enum TALER_DenominationCipher cipher,
...)
{
va_list ap;
va_start (ap, cipher);
blinding_secret_create_va (bs, cipher, ap);
va_end (ap); va_end (ap);
} }
/**
* @brief setup a random planchet
* In Case of RSA planchet, the bks gets set
* In Case of Schnorr this will be set in future
*/
void void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps, TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
enum TALER_DenominationCipher cipher, enum TALER_DenominationCipher cipher)
...)
{ {
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps->coin_priv, &ps->coin_priv,
sizeof (struct TALER_CoinSpendPrivateKeyP)); sizeof (struct TALER_CoinSpendPrivateKeyP));
va_list ap; switch (cipher)
va_start (ap, cipher); {
blinding_secret_create_va (&ps->blinding_key, cipher, ap); case TALER_DENOMINATION_INVALID:
va_end (ap); GNUNET_break (0);
return;
case TALER_DENOMINATION_RSA:
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps->blinding_key.rsa_bks,
sizeof (struct
GNUNET_CRYPTO_RsaBlindingKeySecret));
return;
case TALER_DENOMINATION_CS:
// Will be set in a later stage for Clause Blind Schnorr Scheme
return;
default:
GNUNET_break (0);
}
} }

10
src/util/denom.c
View File

@ -199,7 +199,10 @@ TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub,
GNUNET_free (buf); GNUNET_free (buf);
} }
break; break;
// TODO: add case for Clause-Schnorr case TALER_DENOMINATION_CS:
GNUNET_CRYPTO_hash_context_read (hc,
&denom_pub->details.cs_public_key,
sizeof(denom_pub->details.cs_public_key));
default: default:
GNUNET_assert (0); GNUNET_assert (0);
} }
@ -237,11 +240,6 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
struct TALER_CoinPubHash *c_hash, struct TALER_CoinPubHash *c_hash,
struct TALER_BlindedPlanchet *blinded_planchet) struct TALER_BlindedPlanchet *blinded_planchet)
{ {
// if (dk->cipher != blinded_planchet->cipher)
// {
// GNUNET_break (0);
// return GNUNET_SYSERR;
// }
blinded_planchet->cipher = dk->cipher; blinded_planchet->cipher = dk->cipher;
TALER_coin_pub_hash (coin_pub, TALER_coin_pub_hash (coin_pub,
age_commitment_hash, age_commitment_hash,

15
src/util/test_crypto.c
View File

@ -141,13 +141,14 @@ test_planchets_rsa (void)
static int static int
test_planchets_cs (void) test_planchets_cs (void)
{ {
// struct TALER_PlanchetSecretsP ps; struct TALER_PlanchetSecretsP ps;
struct TALER_DenominationPrivateKey dk_priv; struct TALER_DenominationPrivateKey dk_priv;
struct TALER_DenominationPublicKey dk_pub; struct TALER_DenominationPublicKey dk_pub;
// struct TALER_PlanchetDetail pd; struct TALER_PlanchetDetail pd;
struct TALER_CoinPubHash c_hash;
struct TALER_WithdrawNonce nonce;
// struct TALER_BlindedDenominationSignature blind_sig; // struct TALER_BlindedDenominationSignature blind_sig;
// struct TALER_FreshCoin coin; // struct TALER_FreshCoin coin;
// struct TALER_CoinPubHash c_hash;
// struct TALER_PlanchetDeriveCsBlindingSecrets seed; // struct TALER_PlanchetDeriveCsBlindingSecrets seed;
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
@ -158,8 +159,12 @@ test_planchets_cs (void)
// seed.secret = "test secret"; // seed.secret = "test secret";
// seed.secret_len = strlen ("test secret"); // seed.secret_len = strlen ("test secret");
// TODO: Probably need to adjust GNUNET CS implementation for the CSNonce creation and afterwards adjust the derive function TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS);
// TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS, &seed); TALER_cs_withdraw_nonce_derive (&ps.coin_priv, &nonce);
// NEXT: Implement to create withdraw nonce
// Implement to get R_0 and R_1
// Implement to genrate b-seed from it and calculate c then§
// GNUNET_assert (GNUNET_OK == // GNUNET_assert (GNUNET_OK ==
// TALER_planchet_prepare (&dk_pub, // TALER_planchet_prepare (&dk_pub,