taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

API refactoring towards batch CS

Browse Source
This commit is contained in:
Christian Grothoff 2022-11-13 15:05:48 +01:00
parent b93b9dd074
commit 9838e0fc33
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
7 changed files with 131 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
src/exchange/taler-exchange-httpd_keys.c
View File

@ -2781,11 +2781,16 @@ TEH_keys_denomination_sign_withdraw (
} }
case TALER_DENOMINATION_CS: case TALER_DENOMINATION_CS:
TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++; TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++;
{
struct TALER_CRYPTO_CsSignRequest csr;
csr.h_cs = &hd->h_details.h_cs;
csr.blinded_planchet = &bp->details.cs_blinded_planchet;
return TALER_CRYPTO_helper_cs_sign_withdraw ( return TALER_CRYPTO_helper_cs_sign_withdraw (
ksh->helpers->csdh, ksh->helpers->csdh,
&hd->h_details.h_cs, &csr,
&bp->details.cs_blinded_planchet,
bs); bs);
}
default: default:
return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE;
} }
@ -2827,12 +2832,17 @@ TEH_keys_denomination_sign_melt (
bs); bs);
} }
case TALER_DENOMINATION_CS: case TALER_DENOMINATION_CS:
{
struct TALER_CRYPTO_CsSignRequest csr;
csr.h_cs = &hd->h_details.h_cs;
csr.blinded_planchet = &bp->details.cs_blinded_planchet;
TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++; TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++;
return TALER_CRYPTO_helper_cs_sign_melt ( return TALER_CRYPTO_helper_cs_sign_melt (
ksh->helpers->csdh, ksh->helpers->csdh,
&hd->h_details.h_cs, &csr,
&bp->details.cs_blinded_planchet,
bs); bs);
}
default: default:
return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE;
} }

29
src/include/taler_crypto_lib.h
View File

@ -2466,6 +2466,23 @@ void
TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh); TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh);
/**
* Information about what we should sign over.
*/
struct TALER_CRYPTO_CsSignRequest
{
/**
* Hash of the CS public key to use to sign.
*/
const struct TALER_CsPubHashP *h_cs;
/**
* Blinded planchet containing c and the nonce.
*/
const struct TALER_BlindedCsPlanchet *blinded_planchet;
};
/** /**
* Request helper @a dh to sign @a msg using the public key corresponding to * Request helper @a dh to sign @a msg using the public key corresponding to
* @a h_denom_pub. * @a h_denom_pub.
@ -2477,16 +2494,14 @@ TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh);
* differences in the signature counters. Retrying in this case may work. * differences in the signature counters. Retrying in this case may work.
* *
* @param dh helper process connection * @param dh helper process connection
* @param h_cs hash of the CS public key to use to sign * @param req information about the key to sign with and the value to sign
* @param blinded_planchet blinded planchet containing c and nonce
* @param[out] bs set to the blind signature * @param[out] bs set to the blind signature
* @return #TALER_EC_NONE on success * @return #TALER_EC_NONE on success
*/ */
enum TALER_ErrorCode enum TALER_ErrorCode
TALER_CRYPTO_helper_cs_sign_melt ( TALER_CRYPTO_helper_cs_sign_melt (
struct TALER_CRYPTO_CsDenominationHelper *dh, struct TALER_CRYPTO_CsDenominationHelper *dh,
const struct TALER_CsPubHashP *h_cs, const struct TALER_CRYPTO_CsSignRequest *req,
const struct TALER_BlindedCsPlanchet *blinded_planchet,
struct TALER_BlindedDenominationSignature *bs); struct TALER_BlindedDenominationSignature *bs);
@ -2501,16 +2516,14 @@ TALER_CRYPTO_helper_cs_sign_melt (
* differences in the signature counters. Retrying in this case may work. * differences in the signature counters. Retrying in this case may work.
* *
* @param dh helper process connection * @param dh helper process connection
* @param h_cs hash of the CS public key to use to sign * @param req information about the key to sign with and the value to sign
* @param blinded_planchet blinded planchet containing c and nonce
* @param[out] bs set to the blind signature * @param[out] bs set to the blind signature
* @return #TALER_EC_NONE on success * @return #TALER_EC_NONE on success
*/ */
enum TALER_ErrorCode enum TALER_ErrorCode
TALER_CRYPTO_helper_cs_sign_withdraw ( TALER_CRYPTO_helper_cs_sign_withdraw (
struct TALER_CRYPTO_CsDenominationHelper *dh, struct TALER_CRYPTO_CsDenominationHelper *dh,
const struct TALER_CsPubHashP *h_cs, const struct TALER_CRYPTO_CsSignRequest *req,
const struct TALER_BlindedCsPlanchet *blinded_planchet,
struct TALER_BlindedDenominationSignature *bs); struct TALER_BlindedDenominationSignature *bs);

22
src/util/crypto_helper_cs.c
View File

@ -1,6 +1,6 @@
/* /*
This file is part of TALER This file is part of TALER
Copyright (C) 2020, 2021 Taler Systems SA Copyright (C) 2020, 2021, 2022 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software terms of the GNU General Public License as published by the Free Software
@ -419,9 +419,9 @@ helper_cs_sign (
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Requesting signature\n"); "Requesting signature\n");
{ {
char buf[sizeof (struct TALER_CRYPTO_CsSignRequest)]; char buf[sizeof (struct TALER_CRYPTO_CsSignRequestMessage)];
struct TALER_CRYPTO_CsSignRequest *sr struct TALER_CRYPTO_CsSignRequestMessage *sr
= (struct TALER_CRYPTO_CsSignRequest *) buf; = (struct TALER_CRYPTO_CsSignRequestMessage *) buf;
sr->header.size = htons (sizeof (buf)); sr->header.size = htons (sizeof (buf));
sr->header.type = htons (TALER_HELPER_CS_MT_REQ_SIGN); sr->header.type = htons (TALER_HELPER_CS_MT_REQ_SIGN);
@ -594,13 +594,12 @@ end:
enum TALER_ErrorCode enum TALER_ErrorCode
TALER_CRYPTO_helper_cs_sign_melt ( TALER_CRYPTO_helper_cs_sign_melt (
struct TALER_CRYPTO_CsDenominationHelper *dh, struct TALER_CRYPTO_CsDenominationHelper *dh,
const struct TALER_CsPubHashP *h_cs, const struct TALER_CRYPTO_CsSignRequest *req,
const struct TALER_BlindedCsPlanchet *blinded_planchet,
struct TALER_BlindedDenominationSignature *bs) struct TALER_BlindedDenominationSignature *bs)
{ {
return helper_cs_sign (dh, return helper_cs_sign (dh,
h_cs, req->h_cs,
blinded_planchet, req->blinded_planchet,
true, true,
bs); bs);
} }
@ -609,13 +608,12 @@ TALER_CRYPTO_helper_cs_sign_melt (
enum TALER_ErrorCode enum TALER_ErrorCode
TALER_CRYPTO_helper_cs_sign_withdraw ( TALER_CRYPTO_helper_cs_sign_withdraw (
struct TALER_CRYPTO_CsDenominationHelper *dh, struct TALER_CRYPTO_CsDenominationHelper *dh,
const struct TALER_CsPubHashP *h_cs, const struct TALER_CRYPTO_CsSignRequest *req,
const struct TALER_BlindedCsPlanchet *blinded_planchet,
struct TALER_BlindedDenominationSignature *bs) struct TALER_BlindedDenominationSignature *bs)
{ {
return helper_cs_sign (dh, return helper_cs_sign (dh,
h_cs, req->h_cs,
blinded_planchet, req->blinded_planchet,
false, false,
bs); bs);
} }

20
src/util/taler-exchange-secmod-cs.c
View File

@ -277,7 +277,7 @@ generate_response (struct DenominationKey *dk)
*/ */
static enum GNUNET_GenericReturnValue static enum GNUNET_GenericReturnValue
handle_sign_request (struct TES_Client *client, handle_sign_request (struct TES_Client *client,
const struct TALER_CRYPTO_CsSignRequest *sr) const struct TALER_CRYPTO_CsSignRequestMessage *sr)
{ {
struct DenominationKey *dk; struct DenominationKey *dk;
struct GNUNET_CRYPTO_CsRSecret r[2]; struct GNUNET_CRYPTO_CsRSecret r[2];
@ -340,20 +340,6 @@ handle_sign_request (struct TES_Client *client,
GNUNET_assert (dk->rc > 0); GNUNET_assert (dk->rc > 0);
dk->rc--; dk->rc--;
GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock)); GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock));
// if (NULL == cs_answer)
// {
// struct TALER_CRYPTO_SignFailure sf = {
// .header.size = htons (sizeof (sf)),
// .header.type = htons (TALER_HELPER_CS_MT_RES_SIGN_FAILURE),
// .ec = htonl (TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE)
// };
// GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
// "Signing request failed, worker failed to produce signature\n");
// return TES_transmit (client->csock,
// &sf.header);
// }
{ {
struct TALER_CRYPTO_SignResponse *sr; struct TALER_CRYPTO_SignResponse *sr;
size_t tsize; size_t tsize;
@ -651,14 +637,14 @@ cs_work_dispatch (struct TES_Client *client,
switch (ntohs (hdr->type)) switch (ntohs (hdr->type))
{ {
case TALER_HELPER_CS_MT_REQ_SIGN: case TALER_HELPER_CS_MT_REQ_SIGN:
if (msize < sizeof (struct TALER_CRYPTO_CsSignRequest)) if (msize < sizeof (struct TALER_CRYPTO_CsSignRequestMessage))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
return handle_sign_request ( return handle_sign_request (
client, client,
(const struct TALER_CRYPTO_CsSignRequest *) hdr); (const struct TALER_CRYPTO_CsSignRequestMessage *) hdr);
case TALER_HELPER_CS_MT_REQ_REVOKE: case TALER_HELPER_CS_MT_REQ_REVOKE:
if (msize != sizeof (struct TALER_CRYPTO_CsRevokeRequest)) if (msize != sizeof (struct TALER_CRYPTO_CsRevokeRequest))
{ {

66
src/util/taler-exchange-secmod-cs.h
View File

@ -1,6 +1,6 @@
/* /*
This file is part of TALER This file is part of TALER
Copyright (C) 2020 Taler Systems SA Copyright (C) 2020-2022 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software terms of the GNU General Public License as published by the Free Software
@ -26,17 +26,19 @@
#define TALER_HELPER_CS_MT_PURGE 1 #define TALER_HELPER_CS_MT_PURGE 1
#define TALER_HELPER_CS_MT_AVAIL 2 #define TALER_HELPER_CS_MT_AVAIL 2
#define TALER_HELPER_CS_MT_REQ_INIT 4 #define TALER_HELPER_CS_MT_REQ_INIT 3
#define TALER_HELPER_CS_MT_REQ_BATCH_SIGN 4
#define TALER_HELPER_CS_MT_REQ_SIGN 5 #define TALER_HELPER_CS_MT_REQ_SIGN 5
#define TALER_HELPER_CS_MT_REQ_REVOKE 6 #define TALER_HELPER_CS_MT_REQ_REVOKE 6
#define TALER_HELPER_CS_MT_REQ_RDERIVE 7 #define TALER_HELPER_CS_MT_REQ_BATCH_RDERIVE 7
#define TALER_HELPER_CS_MT_REQ_RDERIVE 8
#define TALER_HELPER_CS_MT_RES_SIGNATURE 8 #define TALER_HELPER_CS_MT_RES_SIGNATURE 9
#define TALER_HELPER_CS_MT_RES_SIGN_FAILURE 9 #define TALER_HELPER_CS_MT_RES_SIGN_FAILURE 10
#define TALER_HELPER_CS_MT_RES_RDERIVE 10 #define TALER_HELPER_CS_MT_RES_RDERIVE 11
#define TALER_HELPER_CS_MT_RES_RDERIVE_FAILURE 11 #define TALER_HELPER_CS_MT_RES_RDERIVE_FAILURE 12
#define TALER_HELPER_CS_SYNCED 12 #define TALER_HELPER_CS_SYNCED 13
GNUNET_NETWORK_STRUCT_BEGIN GNUNET_NETWORK_STRUCT_BEGIN
@ -114,7 +116,7 @@ struct TALER_CRYPTO_CsKeyPurgeNotification
/** /**
* Message sent if a signature is requested. * Message sent if a signature is requested.
*/ */
struct TALER_CRYPTO_CsSignRequest struct TALER_CRYPTO_CsSignRequestMessage
{ {
/** /**
* Type is #TALER_HELPER_CS_MT_REQ_SIGN. * Type is #TALER_HELPER_CS_MT_REQ_SIGN.
@ -139,6 +141,29 @@ struct TALER_CRYPTO_CsSignRequest
}; };
/**
* Message sent if a batch of signatures is requested.
*/
struct TALER_CRYPTO_BatchSignRequest
{
/**
* Type is #TALER_HELPER_CS_MT_REQ_BATCH_SIGN.
*/
struct GNUNET_MessageHeader header;
/**
* Number of signatures to create, in NBO.
*/
uint32_t batch_size;
/*
* Followed by @e batch_size batch sign requests.
*/
};
/** /**
* Message sent if a signature is requested. * Message sent if a signature is requested.
*/ */
@ -165,6 +190,29 @@ struct TALER_CRYPTO_CsRDeriveRequest
struct TALER_CsNonce nonce; struct TALER_CsNonce nonce;
}; };
/**
* Message sent if a batch of derivations is requested.
*/
struct TALER_CRYPTO_BatchDeriveRequest
{
/**
* Type is #TALER_HELPER_RSA_MT_REQ_BATCH_RDERIVE.
*/
struct GNUNET_MessageHeader header;
/**
* Number of derivations to create, in NBO.
*/
uint32_t batch_size;
/*
* Followed by @e batch_size derive requests.
*/
};
/** /**
* Message sent if a key was revoked. * Message sent if a key was revoked.
*/ */

6
src/util/taler-exchange-secmod-rsa.h
View File

@ -1,6 +1,6 @@
/* /*
This file is part of TALER This file is part of TALER
Copyright (C) 2020 Taler Systems SA Copyright (C) 2020-2022 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software terms of the GNU General Public License as published by the Free Software
@ -136,7 +136,7 @@ struct TALER_CRYPTO_SignRequest
/** /**
* Message sent if a signature is requested. * Message sent if a batch of signatures is requested.
*/ */
struct TALER_CRYPTO_BatchSignRequest struct TALER_CRYPTO_BatchSignRequest
{ {
@ -151,7 +151,7 @@ struct TALER_CRYPTO_BatchSignRequest
uint32_t batch_size; uint32_t batch_size;
/* /*
* Followed by @e batch_size batch sign requests. * Followed by @e batch_size sign requests.
*/ */
}; };

28
src/util/test_helper_cs.c
View File

@ -423,6 +423,7 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
continue; continue;
{ {
struct TALER_PlanchetDetail pd; struct TALER_PlanchetDetail pd;
struct TALER_CRYPTO_CsSignRequest csr;
pd.blinded_planchet.cipher = TALER_DENOMINATION_CS; pd.blinded_planchet.cipher = TALER_DENOMINATION_CS;
// keys[i].denom_pub.cipher = TALER_DENOMINATION_CS; // keys[i].denom_pub.cipher = TALER_DENOMINATION_CS;
@ -458,11 +459,12 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Requesting signature with key %s\n", "Requesting signature with key %s\n",
GNUNET_h2s (&keys[i].h_cs.hash)); GNUNET_h2s (&keys[i].h_cs.hash));
csr.h_cs = &keys[i].h_cs;
csr.blinded_planchet
= &pd.blinded_planchet.details.cs_blinded_planchet;
ec = TALER_CRYPTO_helper_cs_sign_withdraw ( ec = TALER_CRYPTO_helper_cs_sign_withdraw (
dh, dh,
&keys[i].h_cs, &csr,
&pd.blinded_planchet.details.
cs_blinded_planchet,
&ds); &ds);
} }
switch (ec) switch (ec)
@ -544,6 +546,7 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
{ {
struct TALER_PlanchetDetail pd; struct TALER_PlanchetDetail pd;
struct TALER_CsPubHashP rnd; struct TALER_CsPubHashP rnd;
struct TALER_CRYPTO_CsSignRequest csr;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&rnd, &rnd,
@ -557,11 +560,12 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh)
NULL, /* no age commitment */ NULL, /* no age commitment */
&c_hash, &c_hash,
&pd)); &pd));
csr.h_cs = &rnd;
csr.blinded_planchet
= &pd.blinded_planchet.details.cs_blinded_planchet;
ec = TALER_CRYPTO_helper_cs_sign_withdraw ( ec = TALER_CRYPTO_helper_cs_sign_withdraw (
dh, dh,
&rnd, &csr,
&pd.blinded_planchet.details.cs_blinded_planchet,
&ds); &ds);
if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec) if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec)
{ {
@ -627,9 +631,7 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
ec = TALER_CRYPTO_helper_cs_r_derive_melt ( ec = TALER_CRYPTO_helper_cs_r_derive_melt (
dh, dh,
&keys[i].h_cs, &keys[i].h_cs,
&pd.blinded_planchet. &pd.blinded_planchet.details.cs_blinded_planchet.nonce,
details.
cs_blinded_planchet.nonce,
&alg_values.details.cs_values); &alg_values.details.cs_values);
if (TALER_EC_NONE != ec) if (TALER_EC_NONE != ec)
continue; continue;
@ -652,12 +654,14 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh,
{ {
struct GNUNET_TIME_Absolute start = GNUNET_TIME_absolute_get (); struct GNUNET_TIME_Absolute start = GNUNET_TIME_absolute_get ();
struct GNUNET_TIME_Relative delay; struct GNUNET_TIME_Relative delay;
struct TALER_CRYPTO_CsSignRequest csr;
csr.h_cs = &keys[i].h_cs;
csr.blinded_planchet
= &pd.blinded_planchet.details.cs_blinded_planchet;
ec = TALER_CRYPTO_helper_cs_sign_melt ( ec = TALER_CRYPTO_helper_cs_sign_melt (
dh, dh,
&keys[i].h_cs, &csr,
&pd.blinded_planchet.details.
cs_blinded_planchet,
&ds); &ds);
if (TALER_EC_NONE != ec) if (TALER_EC_NONE != ec)
break; break;