From a02ab8f81b68b59ef5228ce30583d9388f9bab4a Mon Sep 17 00:00:00 2001
From: Gian Demarmels
Date: Wed, 22 Dec 2021 12:52:54 +0100
Subject: [PATCH] added CS get R functionality and planchet setup
---
 src/include/taler_crypto_lib.h | 75 ++++++++++++++++++++++++----------
 src/util/crypto.c | 20 +++++----
 src/util/denom.c | 41 +++++++++++++++++++
 src/util/test_crypto.c | 16 +++++---
 4 files changed, 116 insertions(+), 36 deletions(-)
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 8e5df1fca..542146cc0 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -794,6 +794,9 @@ struct TALER_BlindedPlanchet
 } details;
 };
+/**
+ * Withdraw nonce for CS denominations
+ */
 struct TALER_WithdrawNonce
 {
 /**
@@ -802,6 +805,9 @@ struct TALER_WithdrawNonce
 struct GNUNET_CRYPTO_CsNonce nonce;
 };
+/**
+ * Withdraw nonce for CS denominations
+ */
 struct TALER_RefreshNonce
 {
 /**
@@ -810,6 +816,23 @@ struct TALER_RefreshNonce
 struct GNUNET_CRYPTO_CsNonce nonce;
 };
+/**
+ * Public R for Cs denominations
+ */
+struct TALER_DenominationCsPublicR
+{
+ struct GNUNET_CRYPTO_CsRPublic r_pub[2];
+};
+
+/**
+ * Secret r for Cs denominations
+ */
+
+struct TALER_DenominationCsPrivateR
+{
+ struct GNUNET_CRYPTO_CsRSecret r[2];
+};
+
 /**
 * @brief RSA Parameters to create blinded messages
 *
@@ -862,28 +885,6 @@ struct TALER_DenominationBlindMessageParams
 } details;
 };
-/**
- * @brief CS Blinding Secret parameters to derive blinding secrets
- *
- */
-struct TALER_PlanchetDeriveCsBlindingSecrets
-{
- /**
- * Secret to derive blinding secrets from
- */
- void *secret;
-
- /**
- * size of the secret to derive blinding secrets from
- */
- size_t secret_len;
-
- /**
- * public R_0 and R_1 are hashed too
- */
- struct GNUNET_CRYPTO_CsRPublic r_pub[2];
-};
-
 /**
 * @brief Public information about a coin (including the public key
 * of the coin, the denomination key and the signature with
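Review bot: The comment added above `struct TALER_RefreshNonce` in the @@ -802 hunk reads "Withdraw nonce for CS denominations", a verbatim copy of the one added for `TALER_WithdrawNonce` in the @@ -794 hunk, so the two nonce structs are now documented as the same thing. The refresh one should read ` * Refresh nonce for CS denominations`. The struct bodies themselves lie outside the hunks.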
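Review bot: In the @@ -810 hunk a blank line separates the `/** Secret r for Cs denominations */` block from `struct TALER_DenominationCsPrivateR`, so Doxygen will not attach the comment to the struct, whereas the `TALER_DenominationCsPublicR` block right above has no such gap; drop the blank line. The members `r_pub[2]` and `r[2]` also carry no comments, unlike every other struct visible in this header. Something like ` /** R_0 and R_1, in that order */` and ` /** r_0 and r_1; CS signing secrets, to be wiped once the signature is made */` would say which index is which and make clear that the private struct is key material, not a value to keep around.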
@@ -1012,6 +1013,36 @@ void
 TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig);
+/**
+ * Function for CS signatures to derive the secret r_0 and r_1
+ *
+ * @param nonce withdraw nonce from a client
+ * @param denom_priv denomination privkey as long-term secret
+ * @param r the resulting r_0 and r_1
+ * @return enum GNUNET_GenericReturnValue, returns SYSERR when denom key has wrong type
+ */
+enum GNUNET_GenericReturnValue
+TALER_denom_cs_derive_r_secret (const struct TALER_WithdrawNonce *nonce,
+ const struct
+ TALER_DenominationPrivateKey *denom_priv,
+ struct TALER_DenominationCsPrivateR *r);
+
+/**
+ * @brief Function for CS signatures to derive public R_0 and R_1
+ *
+ * @param nonce withdraw nonce from a client
+ * @param denom_priv denomination privkey as long-term secret
+ * @param r_pub the resulting R_0 and R_1
+ * @return enum GNUNET_GenericReturnValue
+ */
+
+enum GNUNET_GenericReturnValue
+TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
+ const struct
+ TALER_DenominationPrivateKey *denom_priv,
+ struct TALER_DenominationCsPublicR *r_pub);
+
+
 /**
 * Blind coin for blind signing with @a dk using blinding secret @a coin_bks.
 *
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 40c69b54a..1ef0388dc 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -167,8 +167,8 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
 void
-cs_blinding_seed_derive (const void *secret,
- size_t secret_len,
+cs_blinding_seed_derive (const struct
+ TALER_CoinSpendPrivateKeyP *coin_priv,
 const struct GNUNET_CRYPTO_CsRPublic r_pub[2],
 struct GNUNET_CRYPTO_CsNonce *blind_seed)
 {
@@ -179,8 +179,8 @@ cs_blinding_seed_derive (const void *secret,
 GCRY_MD_SHA256,
 "bseed",
 strlen ("bseed"),
- secret,
- secret_len,
+ coin_priv,
+ sizeof(*coin_priv),
 r_pub,
 sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2,
 NULL,
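Review bot: The doc comment for `TALER_denom_cs_derive_r_public` in the @@ -1012 hunk gives `@return enum GNUNET_GenericReturnValue` with no failure condition, while the sibling `TALER_denom_cs_derive_r_secret` directly above says `GNUNET_SYSERR` is returned when the denomination key has the wrong type; the denom.c hunk shows both functions perform the same cipher check, so the second comment should state it too, e.g. ` * @return #GNUNET_OK on success, #GNUNET_SYSERR if @a denom_priv is not a CS key`. The blank line between that comment's ` */` and the following `enum GNUNET_GenericReturnValue` line detaches the comment from the prototype in Doxygen and should be removed. Since `@a r` of the secret variant receives the CS signing secrets r_0 and r_1, its comment should also tell the caller to wipe `@a r` once the signature has been produced.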
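Review bot: The @@ -167 hunk replaces `cs_blinding_seed_derive`'s `secret`/`secret_len` parameters with `coin_priv`, but the function's own doc comment sits above line 167, outside the hunk, and is not touched by the commit; if it still carries `@param secret` and `@param secret_len` it is now wrong and should become `@param coin_priv coin private key the blinding seed is derived from`. With the `void` return type on its own context line and no `static` in sight, the helper appears to have external linkage despite lacking the `TALER_` prefix; worth confirming it is declared `static` on the preceding line, or making it so. The body continues in the @@ -179 hunk.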
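Review bot: The KDF call in the @@ -179 hunk now feeds the raw bytes of `coin_priv` (`sizeof(*coin_priv)`) into the blinding-seed derivation under the fixed label `"bseed"`, and the test_crypto.c hunk shows the same coin private key is also the input of `TALER_cs_withdraw_nonce_derive`, so the two derivations depend on distinct labels for domain separation. That holds only if the nonce derivation uses a different label, which is not visible in this patch. A comment next to the label, `/* "bseed" separates this KDF from the withdraw-nonce derivation on the same coin_priv */`, would record the invariant where a later edit would otherwise break it silently. The enclosing function begins in the @@ -167 hunk and ends after this one.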
@@ -227,11 +227,13 @@ TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
 return;
 case TALER_DENOMINATION_CS:
 {
- struct TALER_PlanchetDeriveCsBlindingSecrets *params;
- params = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
- cs_blinding_seed_derive (params->secret,
- params->secret_len,
- params->r_pub,
+ struct TALER_CoinSpendPrivateKeyP *coin_priv;
+ struct TALER_DenominationCsPublicR *r_pub;
+ coin_priv = va_arg (ap, struct TALER_CoinSpendPrivateKeyP *);
+ r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
+
+ cs_blinding_seed_derive (coin_priv,
+ r_pub->r_pub,
 &bs->nonce);
 return;
 }
diff --git a/src/util/denom.c b/src/util/denom.c
index 6ff92e894..6b587026e 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
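Review bot: In the @@ -227 hunk `coin_priv` is declared as a non-const `struct TALER_CoinSpendPrivateKeyP *` although it is only forwarded to `cs_blinding_seed_derive`, which takes it `const`; declare it `const struct TALER_CoinSpendPrivateKeyP *coin_priv;` and read it with `coin_priv = va_arg (ap, const struct TALER_CoinSpendPrivateKeyP *);` so the variadic caller is not required to hand over a writable key (the same applies to `r_pub`). The change also replaces one typed parameter struct with two positional `va_arg` pointers of different types that the compiler cannot check, so the order (`coin_priv` first, then `r_pub`) is enforced only by the documentation of `TALER_blinding_secret_create`, which lies outside this patch and should spell out the CS argument list. The function starts before and ends after the hunk.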
@@ -81,6 +81,47 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
 }
+enum GNUNET_GenericReturnValue
+TALER_denom_cs_derive_r_secret (const struct TALER_WithdrawNonce *nonce,
+ const struct
+ TALER_DenominationPrivateKey *denom_priv,
+ struct TALER_DenominationCsPrivateR *r)
+{
+ if (denom_priv->cipher != TALER_DENOMINATION_CS)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+
+ GNUNET_CRYPTO_cs_r_derive (&nonce->nonce,
+ &denom_priv->details.cs_private_key,
+ r->r);
+ return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
+ const struct
+ TALER_DenominationPrivateKey *denom_priv,
+ struct TALER_DenominationCsPublicR *r_pub)
+{
+ if (denom_priv->cipher != TALER_DENOMINATION_CS)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+
+ struct GNUNET_CRYPTO_CsRSecret r[2];
+ GNUNET_CRYPTO_cs_r_derive (&nonce->nonce,
+ &denom_priv->details.cs_private_key,
+ r);
+ GNUNET_CRYPTO_cs_r_get_public (&r[0], &r_pub->r_pub[0]);
+ GNUNET_CRYPTO_cs_r_get_public (&r[1], &r_pub->r_pub[1]);
+ return GNUNET_OK;
+}
+
+
 enum GNUNET_GenericReturnValue
 TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
 const struct TALER_DenominationPrivateKey *denom_priv,
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index a91536bf7..2fe70cda1 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -147,6 +147,8 @@ test_planchets_cs (void)
 struct TALER_PlanchetDetail pd;
 struct TALER_CoinPubHash c_hash;
 struct TALER_WithdrawNonce nonce;
+ struct TALER_DenominationCsPublicR r_pub;
+ // struct TALER_DenominationCsPrivateR priv_r;
 // struct TALER_BlindedDenominationSignature blind_sig;
 // struct TALER_FreshCoin coin;
 // struct TALER_PlanchetDeriveCsBlindingSecrets seed;
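Review bot: `TALER_denom_cs_derive_r_public` in the @@ -81 hunk derives the secret scalars into the stack array `struct GNUNET_CRYPTO_CsRSecret r[2]` and returns without clearing it, so CS signing secrets are left behind in dead stack memory on every call; it also repeats the cipher check and the `GNUNET_CRYPTO_cs_r_derive` call of `TALER_denom_cs_derive_r_secret` directly above. Have it call the secret variant, which already returns `GNUNET_SYSERR` for non-CS keys, compute the two public points from the result, and wipe the temporary with `explicit_bzero` (or whatever wipe helper the project uses) before returning, as below. Neither new function has a comment in denom.c; since the header hunk carries the documentation, a one-line pointer such as `/* See taler_crypto_lib.h */` is the usual minimum here.
```c
enum GNUNET_GenericReturnValue
TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
                                const struct
                                TALER_DenominationPrivateKey *denom_priv,
                                struct TALER_DenominationCsPublicR *r_pub)
{
  struct TALER_DenominationCsPrivateR r;

  /* reuses the cipher check and derivation of the secret variant */
  if (GNUNET_OK !=
      TALER_denom_cs_derive_r_secret (nonce,
                                      denom_priv,
                                      &r))
    return GNUNET_SYSERR;
  GNUNET_CRYPTO_cs_r_get_public (&r.r[0], &r_pub->r_pub[0]);
  GNUNET_CRYPTO_cs_r_get_public (&r.r[1], &r_pub->r_pub[1]);
  /* r_0/r_1 are signing secrets; do not leave them on the stack */
  explicit_bzero (&r, sizeof (r));
  return GNUNET_OK;
}
```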
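Review bot: The @@ -147 hunk of test_crypto.c adds another commented-out declaration, `// struct TALER_DenominationCsPrivateR priv_r;`, beside `// struct TALER_PlanchetDeriveCsBlindingSecrets seed;`, whose type this very commit deletes from taler_crypto_lib.h; the dead declarations should be removed rather than extended. Keep only `struct TALER_DenominationCsPublicR r_pub;` and introduce `priv_r` when a test actually uses it. `test_planchets_cs` continues past the hunk.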
@@ -156,14 +158,18 @@ test_planchets_cs (void)
 &dk_pub,
 TALER_DENOMINATION_CS));
- // seed.secret = "test secret";
- // seed.secret_len = strlen ("test secret");
- TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS);
 TALER_cs_withdraw_nonce_derive (&ps.coin_priv, &nonce);
+ GNUNET_assert (GNUNET_OK ==
+ TALER_denom_cs_derive_r_public (&nonce,
+ &dk_priv,
+ &r_pub));
+ TALER_blinding_secret_create (&ps.blinding_key,
+ TALER_DENOMINATION_CS,
+ &ps.coin_priv,
+ &r_pub);
- // NEXT: Implement to create withdraw nonce
- // Implement to get R_0 and R_1
+ // NEXT:
 // Implement to genrate b-seed from it and calculate c thenĀ§
 // GNUNET_assert (GNUNET_OK ==
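Review bot: The new assertions in the @@ -156 hunk only check that `TALER_denom_cs_derive_r_public` returns `GNUNET_OK`; nothing inspects the derived `r_pub` and the error path is never exercised, so an implementation that filled `r_pub` with garbage would pass. Assuming `GNUNET_CRYPTO_cs_r_derive` is deterministic in (nonce, key), which its name suggests and which the exchange will rely on when it later signs under the same nonce, derive a second `r_pub2` from the same inputs and assert the two match, as below, and assert `GNUNET_SYSERR` for a non-CS denomination key if the test has one at hand. The added `// NEXT:` line is now an empty marker and could simply be dropped. `test_planchets_cs` continues past the hunk.
```c
  struct TALER_DenominationCsPublicR r_pub2;

  /* … unchanged: planchet setup, nonce derivation, first derive_r_public … */
  GNUNET_assert (GNUNET_OK ==
                 TALER_denom_cs_derive_r_public (&nonce,
                                                 &dk_priv,
                                                 &r_pub2));
  GNUNET_assert (0 == memcmp (&r_pub,
                              &r_pub2,
                              sizeof (r_pub)));
```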