added CS get R functionality and planchet setup

2021-12-22 12:52:54 +01:00 · 2021-12-22 12:52:54 +01:00 · a02ab8f81b
commit a02ab8f81b
parent 385eb51e93
4 changed files with 116 additions and 36 deletions
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@ -794,6 +794,9 @@ struct TALER_BlindedPlanchet
  } details;
 };

+/**
+ * Withdraw nonce for CS denominations
+ */
 struct TALER_WithdrawNonce
 {
  /**
@ -802,6 +805,9 @@ struct TALER_WithdrawNonce
  struct GNUNET_CRYPTO_CsNonce nonce;
 };

+/**
+ * Withdraw nonce for CS denominations
+ */
 struct TALER_RefreshNonce
 {
  /**
@ -810,6 +816,23 @@ struct TALER_RefreshNonce
  struct GNUNET_CRYPTO_CsNonce nonce;
 };

+/**
+ * Public R for Cs denominations
+ */
+struct TALER_DenominationCsPublicR
+{
+  struct GNUNET_CRYPTO_CsRPublic r_pub[2];
+};
+
+/**
+ * Secret r for Cs denominations
+ */
+
+struct TALER_DenominationCsPrivateR
+{
+  struct GNUNET_CRYPTO_CsRSecret r[2];
+};
+
 /**
 * @brief RSA Parameters to create blinded messages
 *
@ -862,28 +885,6 @@ struct TALER_DenominationBlindMessageParams
  } details;
 };

-/**
- * @brief CS Blinding Secret parameters to derive blinding secrets
- *
- */
-struct TALER_PlanchetDeriveCsBlindingSecrets
-{
-  /**
-  * Secret to derive blinding secrets from
-  */
-  void *secret;
-
-  /**
-   * size of the secret to derive blinding secrets from
-   */
-  size_t secret_len;
-
-  /**
-   * public R_0 and R_1 are hashed too
-   */
-  struct GNUNET_CRYPTO_CsRPublic r_pub[2];
-};
-
 /**
 * @brief Public information about a coin (including the public key
 * of the coin, the denomination key and the signature with
@ -1012,6 +1013,36 @@ void
 TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig);


+/**
+ * Function for CS signatures to derive the secret r_0 and r_1
+ *
+ * @param nonce withdraw nonce from a client
+ * @param denom_priv denomination privkey as long-term secret
+ * @param r the resulting r_0 and r_1
+ * @return enum GNUNET_GenericReturnValue, returns SYSERR when denom key has wrong type
+ */
+enum GNUNET_GenericReturnValue
+TALER_denom_cs_derive_r_secret (const struct TALER_WithdrawNonce *nonce,
+                                const struct
+                                TALER_DenominationPrivateKey *denom_priv,
+                                struct TALER_DenominationCsPrivateR *r);
+
+/**
+ * @brief Function for CS signatures to derive public R_0 and R_1
+ *
+ * @param nonce withdraw nonce from a client
+ * @param denom_priv denomination privkey as long-term secret
+ * @param r_pub the resulting R_0 and R_1
+ * @return enum GNUNET_GenericReturnValue
+ */
+
+enum GNUNET_GenericReturnValue
+TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
+                                const struct
+                                TALER_DenominationPrivateKey *denom_priv,
+                                struct TALER_DenominationCsPublicR *r_pub);
+
+
 /**
 * Blind coin for blind signing with @a dk using blinding secret @a coin_bks.
 *
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@ -167,8 +167,8 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,


 void
-cs_blinding_seed_derive (const void *secret,
-                         size_t secret_len,
+cs_blinding_seed_derive (const struct
+                         TALER_CoinSpendPrivateKeyP *coin_priv,
                         const struct GNUNET_CRYPTO_CsRPublic r_pub[2],
                         struct GNUNET_CRYPTO_CsNonce *blind_seed)
 {
@ -179,8 +179,8 @@ cs_blinding_seed_derive (const void *secret,
                                     GCRY_MD_SHA256,
                                     "bseed",
                                     strlen ("bseed"),
-                                     secret,
-                                     secret_len,
+                                     coin_priv,
+                                     sizeof(*coin_priv),
                                     r_pub,
                                     sizeof(struct GNUNET_CRYPTO_CsRPublic) * 2,
                                     NULL,
@ -227,11 +227,13 @@ TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
    return;
  case TALER_DENOMINATION_CS:
    {
-      struct TALER_PlanchetDeriveCsBlindingSecrets *params;
-      params = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
-      cs_blinding_seed_derive (params->secret,
-                               params->secret_len,
-                               params->r_pub,
+      struct TALER_CoinSpendPrivateKeyP *coin_priv;
+      struct TALER_DenominationCsPublicR *r_pub;
+      coin_priv = va_arg (ap, struct TALER_CoinSpendPrivateKeyP *);
+      r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
+
+      cs_blinding_seed_derive (coin_priv,
+                               r_pub->r_pub,
                               &bs->nonce);
      return;
    }
--- a/src/util/denom.c
+++ b/src/util/denom.c
@ -81,6 +81,47 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
 }


+enum GNUNET_GenericReturnValue
+TALER_denom_cs_derive_r_secret (const struct TALER_WithdrawNonce *nonce,
+                                const struct
+                                TALER_DenominationPrivateKey *denom_priv,
+                                struct TALER_DenominationCsPrivateR *r)
+{
+  if (denom_priv->cipher != TALER_DENOMINATION_CS)
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+
+  GNUNET_CRYPTO_cs_r_derive (&nonce->nonce,
+                             &denom_priv->details.cs_private_key,
+                             r->r);
+  return GNUNET_OK;
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
+                                const struct
+                                TALER_DenominationPrivateKey *denom_priv,
+                                struct TALER_DenominationCsPublicR *r_pub)
+{
+  if (denom_priv->cipher != TALER_DENOMINATION_CS)
+  {
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+
+  struct GNUNET_CRYPTO_CsRSecret r[2];
+  GNUNET_CRYPTO_cs_r_derive (&nonce->nonce,
+                             &denom_priv->details.cs_private_key,
+                             r);
+  GNUNET_CRYPTO_cs_r_get_public (&r[0], &r_pub->r_pub[0]);
+  GNUNET_CRYPTO_cs_r_get_public (&r[1], &r_pub->r_pub[1]);
+  return GNUNET_OK;
+}
+
+
 enum GNUNET_GenericReturnValue
 TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
                          const struct TALER_DenominationPrivateKey *denom_priv,
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@ -147,6 +147,8 @@ test_planchets_cs (void)
  struct TALER_PlanchetDetail pd;
  struct TALER_CoinPubHash c_hash;
  struct TALER_WithdrawNonce nonce;
+  struct TALER_DenominationCsPublicR r_pub;
+  // struct TALER_DenominationCsPrivateR priv_r;
  // struct TALER_BlindedDenominationSignature blind_sig;
  // struct TALER_FreshCoin coin;
  // struct TALER_PlanchetDeriveCsBlindingSecrets seed;
@ -156,14 +158,18 @@ test_planchets_cs (void)
                                          &dk_pub,
                                          TALER_DENOMINATION_CS));

-  // seed.secret = "test secret";
-  // seed.secret_len = strlen ("test secret");
-
  TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS);
  TALER_cs_withdraw_nonce_derive (&ps.coin_priv, &nonce);
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_denom_cs_derive_r_public (&nonce,
+                                                 &dk_priv,
+                                                 &r_pub));
+  TALER_blinding_secret_create (&ps.blinding_key,
+                                TALER_DENOMINATION_CS,
+                                &ps.coin_priv,
+                                &r_pub);

-  // NEXT: Implement to create withdraw nonce
-  // Implement to get R_0 and R_1
+  // NEXT:
  // Implement to genrate b-seed from it and calculate c then§

  // GNUNET_assert (GNUNET_OK ==