moving core refresh crypto logic to util -- towards fixing #3777

This commit is contained in:
Christian Grothoff 2015-04-15 18:12:21 +02:00
parent ad4759b46a
commit 97e403bb66
4 changed files with 136 additions and 27 deletions

View File

@ -423,6 +423,43 @@ struct TALER_RefreshLinkEncrypted
}; };
/**
* Decrypt the shared @a secret from the information in the
* encrypted link secret @e secret_enc using the transfer
* private key and the coin's public key.
*
* @param secret_enc encrypted link secret
* @param transfer_priv transfer private key
* @param coin_pub coin public key
* @param[out] secret set to the shared secret
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
*/
int
TALER_link_decrypt_secret (const struct TALER_EncryptedLinkSecretP *secret_enc,
const struct TALER_TransferPrivateKeyP *trans_priv,
const union TALER_CoinSpendPublicKeyP *coin_pub,
struct TALER_LinkSecretP *secret);
/**
* Encrypt the shared @a secret to generate the encrypted link secret.
* Also creates the transfer key.
*
* @param secret link secret to encrypt
* @param coin_pub coin public key
* @param transfer_priv[out] set to transfer private key
* @param transfer_pub[out] set to transfer public key
* @param[out] secret_enc set to the encryptd @a secret
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
*/
int
TALER_link_encrypt_secret (const struct TALER_LinkSecretP *secret,
const union TALER_CoinSpendPublicKeyP *coin_pub,
struct TALER_TransferPrivateKeyP *trans_priv,
struct TALER_TransferPublicKeyP *trans_pub,
struct TALER_EncryptedLinkSecretP *secret_enc);
/** /**
* Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
* to obtain the @a secret to decrypt the linkage data. * to obtain the @a secret to decrypt the linkage data.

View File

@ -849,7 +849,6 @@ check_commitment (struct MHD_Connection *connection,
for (j = 0; j < num_oldcoins; j++) for (j = 0; j < num_oldcoins; j++)
{ {
struct TALER_TransferSecretP transfer_secret;
struct TALER_LinkSecretP shared_secret; struct TALER_LinkSecretP shared_secret;
struct TALER_TransferPublicKeyP transfer_pub_check; struct TALER_TransferPublicKeyP transfer_pub_check;
@ -871,32 +870,18 @@ check_commitment (struct MHD_Connection *connection,
"transfer key"); "transfer key");
} }
/* We're converting key types here, which is not very nice
* but necessary and harmless (keys will be thrown away later). */
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_ecc_ecdh (&transfer_privs[j].ecdhe_priv, TALER_link_decrypt_secret (&commit_links[j].shared_secret_enc,
&melts[j].coin.coin_pub.ecdhe_pub, &transfer_privs[j],
&transfer_secret.key)) &melts[j].coin.coin_pub,
{
GNUNET_break (0);
GNUNET_free (commit_links);
return (MHD_YES == TMH_RESPONSE_reply_internal_error (connection,
"ECDH error"))
? GNUNET_NO : GNUNET_SYSERR;
}
if (GNUNET_OK !=
TALER_transfer_decrypt (&commit_links[j].shared_secret_enc,
&transfer_secret,
&shared_secret)) &shared_secret))
{ {
GNUNET_break (0);
GNUNET_free (commit_links); GNUNET_free (commit_links);
return (MHD_YES == return (MHD_YES ==
TMH_RESPONSE_reply_internal_error (connection, TMH_RESPONSE_reply_internal_error (connection,
"Decryption error")) "Transfer secret decryption error"))
? GNUNET_NO : GNUNET_SYSERR; ? GNUNET_NO : GNUNET_SYSERR;
} }
if (GNUNET_NO == secret_initialized) if (GNUNET_NO == secret_initialized)
{ {
secret_initialized = GNUNET_YES; secret_initialized = GNUNET_YES;

View File

@ -1,6 +1,6 @@
/* /*
This file is part of TALER This file is part of TALER
Copyright (C) 2014 Christian Grothoff (and other contributing authors) Copyright (C) 2014, 2015 Christian Grothoff (and other contributing authors)
TALER is free software; you can redistribute it and/or modify it under the TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software terms of the GNU General Public License as published by the Free Software
@ -333,4 +333,91 @@ TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info)
} }
/**
* Decrypt the shared @a secret from the information in the
* encrypted link secret @e secret_enc using the transfer
* private key and the coin's public key.
*
* @param secret_enc encrypted link secret
* @param transfer_priv transfer private key
* @param coin_pub coin public key
* @param[out] secret set to the shared secret
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
*/
int
TALER_link_decrypt_secret (const struct TALER_EncryptedLinkSecretP *secret_enc,
const struct TALER_TransferPrivateKeyP *trans_priv,
const union TALER_CoinSpendPublicKeyP *coin_pub,
struct TALER_LinkSecretP *secret)
{
struct TALER_TransferSecretP transfer_secret;
if (GNUNET_OK !=
GNUNET_CRYPTO_ecc_ecdh (&trans_priv->ecdhe_priv,
&coin_pub->ecdhe_pub,
&transfer_secret.key))
{
GNUNET_break (0);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
TALER_transfer_decrypt (secret_enc,
&transfer_secret,
secret))
{
GNUNET_break (0);
return GNUNET_SYSERR;
}
return GNUNET_OK;
}
/**
* Encrypt the shared @a secret to generate the encrypted link secret.
* Also creates the transfer key.
*
* @param secret link secret to encrypt
* @param coin_pub coin public key
* @param transfer_priv[out] set to transfer private key
* @param transfer_pub[out] set to transfer public key
* @param[out] secret_enc set to the encryptd @a secret
* @return #GNUNET_OK on success, #GNUNET_SYSERR on error
*/
int
TALER_link_encrypt_secret (const struct TALER_LinkSecretP *secret,
const union TALER_CoinSpendPublicKeyP *coin_pub,
struct TALER_TransferPrivateKeyP *trans_priv,
struct TALER_TransferPublicKeyP *trans_pub,
struct TALER_EncryptedLinkSecretP *secret_enc)
{
struct TALER_TransferSecretP transfer_secret;
struct GNUNET_CRYPTO_EcdhePrivateKey *pk;
pk = GNUNET_CRYPTO_ecdhe_key_create ();
if (GNUNET_OK !=
GNUNET_CRYPTO_ecc_ecdh (pk,
&coin_pub->ecdhe_pub,
&transfer_secret.key))
{
GNUNET_break (0);
GNUNET_free (pk);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
TALER_transfer_encrypt (secret,
&transfer_secret,
secret_enc))
{
GNUNET_break (0);
return GNUNET_SYSERR;
}
trans_priv->ecdhe_priv = *pk;
GNUNET_CRYPTO_ecdhe_key_get_public (pk,
&trans_pub->ecdhe_pub);
GNUNET_free (pk);
return GNUNET_OK;
}
/* end of crypto.c */ /* end of crypto.c */