[age restriction] progress 19/19 (final) - Use Edx25519 for crypto
We switch from EcDSA to Edx25519 for the underlying signature scheme. Edx25519 is implemented in gnunet, starting with (gnunet-)commit ce38d1f6c9bd7857a1c3bc2094a0ee9752b86c32.
parent
d61a19c275
commit
a2386abadb
@ -386,10 +386,17 @@ struct TALER_CoinSpendSignatureP
|
|||||||
*/
|
*/
|
||||||
struct TALER_AgeCommitmentPrivateKeyP
|
struct TALER_AgeCommitmentPrivateKeyP
|
||||||
{
|
{
|
||||||
|
#ifdef AGE_RESTRICTION_WITH_ECDSA
|
||||||
/**
|
/**
|
||||||
* Taler uses EcDSA for coins when signing age verification attestation.
|
* Taler uses EcDSA for coins when signing age verification attestation.
|
||||||
*/
|
*/
|
||||||
struct GNUNET_CRYPTO_EcdsaPrivateKey priv;
|
struct GNUNET_CRYPTO_EcdsaPrivateKey priv;
|
||||||
|
#else
|
||||||
|
/**
|
||||||
|
* Taler uses Edx25519 for coins when signing age verification attestation.
|
||||||
|
*/
|
||||||
|
struct GNUNET_CRYPTO_Edx25519PrivateKey priv;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
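Review bot: `AGE_RESTRICTION_WITH_ECDSA` now decides the size and binary layout of `struct TALER_AgeCommitmentPrivateKeyP` in what looks like a shared header, so every translation unit that includes it — and the same applies to `TALER_AgeCommitmentPublicKeyP` and `TALER_AgeAttestation` in the two hunks below — must see an identical definition of that macro, and where it is defined is not visible here. A comment at the first `#ifdef` should pin the contract down, e.g. `/* AGE_RESTRICTION_WITH_ECDSA must be defined identically in every TU that includes this header: it changes the binary layout of the age key, commitment and attestation structs. */`. If the EcDSA variant is kept only as a build-time fallback and is not meant to interoperate with Edx25519 builds, saying so in that comment would help the next reader.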
@ -398,10 +405,17 @@ struct TALER_AgeCommitmentPrivateKeyP
|
|||||||
*/
|
*/
|
||||||
struct TALER_AgeCommitmentPublicKeyP
|
struct TALER_AgeCommitmentPublicKeyP
|
||||||
{
|
{
|
||||||
|
#ifdef AGE_RESTRICTION_WITH_ECDSA
|
||||||
/**
|
/**
|
||||||
* Taler uses EcDSA for coins when signing age verification attestation.
|
* Taler uses EcDSA for coins when signing age verification attestation.
|
||||||
*/
|
*/
|
||||||
struct GNUNET_CRYPTO_EcdsaPublicKey pub;
|
struct GNUNET_CRYPTO_EcdsaPublicKey pub;
|
||||||
|
#else
|
||||||
|
/**
|
||||||
|
* Taler uses Edx25519 for coins when signing age verification attestation.
|
||||||
|
*/
|
||||||
|
struct GNUNET_CRYPTO_Edx25519PublicKey pub;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@ -1174,7 +1188,11 @@ struct TALER_AgeCommitmentHash
|
|||||||
*/
|
*/
|
||||||
struct TALER_AgeAttestation
|
struct TALER_AgeAttestation
|
||||||
{
|
{
|
||||||
|
#ifdef AGE_RESTRICTION_WITH_ECDSA
|
||||||
struct GNUNET_CRYPTO_EcdsaSignature signature;
|
struct GNUNET_CRYPTO_EcdsaSignature signature;
|
||||||
|
#else
|
||||||
|
struct GNUNET_CRYPTO_Edx25519Signature signature;
|
||||||
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
extern const struct TALER_AgeCommitmentHash TALER_ZeroAgeCommitmentHash;
|
extern const struct TALER_AgeCommitmentHash TALER_ZeroAgeCommitmentHash;
|
||||||
|
@ -47,8 +47,7 @@ TALER_age_commitment_hash (
|
|||||||
{
|
{
|
||||||
GNUNET_CRYPTO_hash_context_read (hash_context,
|
GNUNET_CRYPTO_hash_context_read (hash_context,
|
||||||
&commitment->keys[i],
|
&commitment->keys[i],
|
||||||
sizeof(struct
|
sizeof(commitment->keys[i]));
|
||||||
GNUNET_CRYPTO_EcdsaPublicKey));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
GNUNET_CRYPTO_hash_context_finish (hash_context,
|
GNUNET_CRYPTO_hash_context_finish (hash_context,
|
||||||
@ -128,13 +127,23 @@ TALER_age_restriction_commit (
|
|||||||
if (i < num_priv)
|
if (i < num_priv)
|
||||||
pkey = &new->proof.keys[i];
|
pkey = &new->proof.keys[i];
|
||||||
|
|
||||||
|
#ifndef AGE_RESTRICTION_WITH_ECDSA
|
||||||
|
GNUNET_CRYPTO_edx25519_key_create_from_seed (&salti,
|
||||||
|
sizeof(salti),
|
||||||
|
&pkey->priv);
|
||||||
|
GNUNET_CRYPTO_edx25519_key_get_public (&pkey->priv,
|
||||||
|
&new->commitment.keys[i].pub);
|
||||||
|
}
|
||||||
|
|
||||||
|
return GNUNET_OK;
|
||||||
|
#else
|
||||||
if (GNUNET_OK !=
|
if (GNUNET_OK !=
|
||||||
GNUNET_CRYPTO_kdf (pkey,
|
GNUNET_CRYPTO_kdf (pkey,
|
||||||
sizeof (*pkey),
|
sizeof (*pkey),
|
||||||
&salti,
|
&salti,
|
||||||
sizeof (salti),
|
sizeof (salti),
|
||||||
"age commitment",
|
"age commitment",
|
||||||
strlen ("age derivation"),
|
strlen ("age commitment"),
|
||||||
NULL, 0))
|
NULL, 0))
|
||||||
goto FAIL;
|
goto FAIL;
|
||||||
|
|
||||||
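Review bot: In the Edx25519 build the function returns `GNUNET_OK` from inside the `#ifndef` block, so the `FAIL:` label and its `GNUNET_free (new->proof.keys)` cleanup in the next hunk exist only in the EcDSA build; any `goto FAIL` earlier in the function — its start lies outside this hunk — would be a compile error in the default configuration, and an error on the Edx25519 path would have no cleanup to jump to. The conditional region would be smaller and safer if only the per-scheme key generation were conditional: close the `#ifndef`/`#else`/`#endif` right after the EcDSA key derivation and keep the loop's closing brace, `return GNUNET_OK;` and the `FAIL:` cleanup as unconditional code shared by both builds. Note also that `pkey` is reassigned only when `i < num_priv` but is then used unconditionally by `GNUNET_CRYPTO_edx25519_key_create_from_seed`; this mirrors the existing EcDSA flow, so presumably it points at a scratch key otherwise, but that cannot be confirmed from this hunk.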
@ -154,6 +163,7 @@ FAIL:
|
|||||||
if (NULL != new->proof.keys)
|
if (NULL != new->proof.keys)
|
||||||
GNUNET_free (new->proof.keys);
|
GNUNET_free (new->proof.keys);
|
||||||
return GNUNET_SYSERR;
|
return GNUNET_SYSERR;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -163,8 +173,6 @@ TALER_age_commitment_derive (
|
|||||||
const uint64_t salt,
|
const uint64_t salt,
|
||||||
struct TALER_AgeCommitmentProof *new)
|
struct TALER_AgeCommitmentProof *new)
|
||||||
{
|
{
|
||||||
char label[sizeof(uint64_t) + 1] = {0};
|
|
||||||
|
|
||||||
GNUNET_assert (NULL != new);
|
GNUNET_assert (NULL != new);
|
||||||
GNUNET_assert (orig->proof.num <=
|
GNUNET_assert (orig->proof.num <=
|
||||||
orig->commitment.num);
|
orig->commitment.num);
|
||||||
@ -184,13 +192,34 @@ TALER_age_commitment_derive (
|
|||||||
new->proof.num,
|
new->proof.num,
|
||||||
struct TALER_AgeCommitmentPrivateKeyP);
|
struct TALER_AgeCommitmentPrivateKeyP);
|
||||||
|
|
||||||
|
#ifndef AGE_RESTRICTION_WITH_ECDSA
|
||||||
|
/* 1. Derive the public keys */
|
||||||
|
for (size_t i = 0; i < orig->commitment.num; i++)
|
||||||
{
|
{
|
||||||
/* Because GNUNET_CRYPTO_ecdsa_public_key_derive expects char * (and calls
|
GNUNET_CRYPTO_edx25519_public_key_derive (
|
||||||
* strlen on it), we must avoid 0's in the label. */
|
&orig->commitment.keys[i].pub,
|
||||||
uint64_t nz_salt = salt | 0x8040201008040201;
|
&salt,
|
||||||
memcpy (label, &nz_salt, sizeof(nz_salt));
|
sizeof(salt),
|
||||||
|
&new->commitment.keys[i].pub);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* 2. Derive the private keys */
|
||||||
|
for (size_t i = 0; i < orig->proof.num; i++)
|
||||||
|
{
|
||||||
|
GNUNET_CRYPTO_edx25519_private_key_derive (
|
||||||
|
&orig->proof.keys[i].priv,
|
||||||
|
&salt,
|
||||||
|
sizeof(salt),
|
||||||
|
&new->proof.keys[i].priv);
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
char label[sizeof(uint64_t) + 1] = {0};
|
||||||
|
|
||||||
|
/* Because GNUNET_CRYPTO_ecdsa_public_key_derive expects char * (and calls
|
||||||
|
* strlen on it), we must avoid 0's in the label. */
|
||||||
|
uint64_t nz_salt = salt | 0x8040201008040201;
|
||||||
|
memcpy (label, &nz_salt, sizeof(nz_salt));
|
||||||
|
|
||||||
/* 1. Derive the public keys */
|
/* 1. Derive the public keys */
|
||||||
for (size_t i = 0; i < orig->commitment.num; i++)
|
for (size_t i = 0; i < orig->commitment.num; i++)
|
||||||
{
|
{
|
||||||
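Review bot: `GNUNET_CRYPTO_edx25519_public_key_derive` and `GNUNET_CRYPTO_edx25519_private_key_derive` are fed the in-memory bytes of the `uint64_t salt` (`&salt, sizeof(salt)`), so the derived keys depend on the host's byte order; if the salt is communicated between wallet and exchange (presumably it is, since both sides must derive the same keys), hosts of different endianness would derive different keys from the same salt. Derive from a fixed encoding instead: `uint64_t nsalt = GNUNET_htonll (salt);` before the two loops, and pass `&nsalt, sizeof (nsalt)` to both derive calls. The EcDSA branch has the same dependency through `memcpy (label, &nz_salt, sizeof(nz_salt))`, which this commit leaves unchanged. The function body continues outside this hunk.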
@ -212,6 +241,7 @@ TALER_age_commitment_derive (
|
|||||||
new->proof.keys[i].priv = *priv;
|
new->proof.keys[i].priv = *priv;
|
||||||
GNUNET_free (priv);
|
GNUNET_free (priv);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
return GNUNET_OK;
|
return GNUNET_OK;
|
||||||
}
|
}
|
||||||
@ -276,9 +306,14 @@ TALER_age_commitment_attest (
|
|||||||
.age = age
|
.age = age
|
||||||
};
|
};
|
||||||
|
|
||||||
GNUNET_CRYPTO_ecdsa_sign (&cp->proof.keys[group - 1].priv,
|
#ifndef AGE_RESTRICTION_WITH_ECDSA
|
||||||
&at,
|
#define sign(a,b,c) GNUNET_CRYPTO_edx25519_sign (a,b,c)
|
||||||
&attest->signature);
|
#else
|
||||||
|
#define sign(a,b,c) GNUNET_CRYPTO_ecdsa_sign (a,b,c)
|
||||||
|
#endif
|
||||||
|
sign (&cp->proof.keys[group - 1].priv,
|
||||||
|
&at,
|
||||||
|
&attest->signature);
|
||||||
}
|
}
|
||||||
|
|
||||||
return GNUNET_OK;
|
return GNUNET_OK;
|
||||||
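Review bot: `#define sign(a,b,c)` is introduced inside the function body and never undefined, so the function-like macro `sign` stays in effect for the rest of the translation unit and silently rewrites any later identifier `sign` followed by a parenthesis, including in headers included after this point; the `verify` macro in `TALER_age_commitment_verify` below has the same problem. Add `#undef sign` directly after the `sign (...)` call (and `#undef verify` after the `return verify (...)` statement), or hoist a single file-scope `#ifndef AGE_RESTRICTION_WITH_ECDSA` block near the top of the file that defines distinctly named macros for both operations. A one-line comment on the macro saying that it only selects the signature scheme and does not change the signed purpose would also help.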
@ -316,11 +351,15 @@ TALER_age_commitment_verify (
|
|||||||
.age = age,
|
.age = age,
|
||||||
};
|
};
|
||||||
|
|
||||||
return
|
#ifndef AGE_RESTRICTION_WITH_ECDSA
|
||||||
GNUNET_CRYPTO_ecdsa_verify (TALER_SIGNATURE_WALLET_AGE_ATTESTATION,
|
#define verify(a,b,c,d) GNUNET_CRYPTO_edx25519_verify (a,b,c,d)
|
||||||
&at,
|
#else
|
||||||
&attest->signature,
|
#define verify(a,b,c,d) GNUNET_CRYPTO_ecdsa_verify (a,b,c,d)
|
||||||
&comm->keys[group - 1].pub);
|
#endif
|
||||||
|
return verify (TALER_SIGNATURE_WALLET_AGE_ATTESTATION,
|
||||||
|
&at,
|
||||||
|
&attest->signature,
|
||||||
|
&comm->keys[group - 1].pub);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|