taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed seed size for TALER_age_restriction_commit

Browse Source 
Also, added src/util/tv_age_restriction.{c,json} for/as test vectors for
age restriction.
This commit is contained in:
Özgür Kesim 2022-04-21 14:27:29 +02:00
parent 137bd97154
commit b84c88fc04
Signed by: oec
GPG Key ID: 3D76A56D79EDD9D7
6 changed files with 10055 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/benchmark/taler-aggregator-benchmark.c
View File

@ -499,20 +499,21 @@ run (void *cls,
&bks);
{
uint64_t seed;
struct GNUNET_HashCode seed;
struct TALER_AgeMask mask = {
.bits = 1 || 1 << 8 || 1 << 12 || 1 << 16 || 1 << 18
};
struct TALER_AgeCommitmentProof acp = {0};
seed = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
UINT64_MAX);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&seed,
sizeof(seed));
GNUNET_assert (GNUNET_OK ==
TALER_age_restriction_commit (
&mask,
13,
seed,
&seed,
&acp));
TALER_age_commitment_hash (&acp.commitment, &hac);

4
src/include/taler_crypto_lib.h
View File

@ -4756,7 +4756,7 @@ TALER_age_commitment_hash (
*
* @param mask The age mask the defines the age groups
* @param age The actual age for which an age commitment is generated
* @param salt The salt that goes into the key generation. MUST be choosen uniformly random.
* @param seed The seed that goes into the key generation. MUST be choosen uniformly random.
* @param comm_proof[out] The generated age commitment, ->priv and ->pub allocated via GNUNET_malloc on success
* @return #GNUNET_OK on success, #GNUNET_SYSERR otherwise
*/
@ -4764,7 +4764,7 @@ enum GNUNET_GenericReturnValue
TALER_age_restriction_commit (
const struct TALER_AgeMask *mask,
const uint8_t age,
const uint64_t salt,
const struct GNUNET_HashCode *seed,
struct TALER_AgeCommitmentProof *comm_proof);

8
src/testing/testing_api_cmd_withdraw.c
View File

@ -578,19 +578,21 @@ TALER_TESTING_cmd_withdraw_amount (const char *label,
{
struct TALER_AgeCommitmentProof *acp;
struct TALER_AgeCommitmentHash *hac;
uint32_t seed;
struct GNUNET_HashCode seed;
struct TALER_AgeMask mask;
acp = GNUNET_new (struct TALER_AgeCommitmentProof);
hac = GNUNET_new (struct TALER_AgeCommitmentHash);
seed = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, UINT64_MAX);
mask = TALER_extensions_age_restriction_ageMask ();
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&seed,
sizeof(seed));
if (GNUNET_OK !=
TALER_age_restriction_commit (
&mask,
age,
seed,
&seed,
acp))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,

11
src/util/age_restriction.c
View File

@ -85,9 +85,10 @@ enum GNUNET_GenericReturnValue
TALER_age_restriction_commit (
const struct TALER_AgeMask *mask,
const uint8_t age,
const uint64_t salt,
const struct GNUNET_HashCode *seed,
struct TALER_AgeCommitmentProof *new)
{
struct GNUNET_HashCode seed_i = *seed;
uint8_t num_pub = __builtin_popcount (mask->bits) - 1;
uint8_t num_priv = get_age_group (mask, age);
size_t i;
@ -118,21 +119,20 @@ TALER_age_restriction_commit (
* elliptic curve, so we can't simply fill the struct with random values. */
for (i = 0; i < num_pub; i++)
{
uint64_t salti = salt + i;
struct TALER_AgeCommitmentPrivateKeyP key = {0};
struct TALER_AgeCommitmentPrivateKeyP *pkey = &key;
/* Only save the private keys for age groups less than num_priv */
if (i < num_priv)
pkey = &new->proof.keys[i];
#ifndef AGE_RESTRICTION_WITH_ECDSA
GNUNET_CRYPTO_edx25519_key_create_from_seed (&salti,
sizeof(salti),
GNUNET_CRYPTO_edx25519_key_create_from_seed (&seed_i,
sizeof(seed_i),
&pkey->priv);
GNUNET_CRYPTO_edx25519_key_get_public (&pkey->priv,
&new->commitment.keys[i].pub);
seed_i.bits[0] += 1;
}
return GNUNET_OK;
@ -154,6 +154,7 @@ TALER_age_restriction_commit (
GNUNET_CRYPTO_ecdsa_key_get_public (&pkey->priv,
&new->commitment.keys[i].pub);
}
return GNUNET_OK;

273
src/util/tv_age_restriction.c Normal file
View File

@ -0,0 +1,273 @@
/**
* @file util/tv_age_restriction.c
* @brief Generate test vectors for age restriction
* @author Özgür Kesim
*
* compile in exchange/src/util with
*
* gcc tv_age_restriction.c \
* -lgnunetutil -lgnunetjson -lsodium -ljansson \
* -L/usr/lib/x86_64-linux-gnu -lmicrohttpd -ltalerutil \
* -I../include \
* -o tv_age_restriction
*
*/
#include "platform.h"
#include <gnunet/gnunet_json_lib.h>
#include <gnunet/gnunet_util_lib.h>
#include <jansson.h>
#include <taler/taler_util.h>
#include <taler/taler_crypto_lib.h>
static struct TALER_AgeMask age_masks[] = {
{ .bits = 1
| 1 << 8 | 1 << 14 | 1 << 18 },
{ .bits = 1
| 1 << 8 | 1 << 10 | 1 << 12
| 1 << 14 | 1 << 16 | 1 << 18 | 1 << 21 },
};
extern uint8_t
get_age_group (
const struct TALER_AgeMask *mask,
uint8_t age);
/**
* Encodes the age mask into a string, like "8:10:12:14:16:18:21"
*
* @param mask Age mask
* @return String representation of the age mask, allocated by GNUNET_malloc.
* Can be used as value in the TALER config.
*/
char *
age_mask_to_string (
const struct TALER_AgeMask *m)
{
uint32_t bits = m->bits;
unsigned int n = 0;
char *buf = GNUNET_malloc (32 * 3); // max characters possible
char *pos = buf;
if (NULL == buf)
{
return buf;
}
while (bits != 0)
{
bits >>= 1;
n++;
if (0 == (bits & 1))
{
continue;
}
if (n > 9)
{
*(pos++) = '0' + n / 10;
}
*(pos++) = '0' + n % 10;
if (0 != (bits >> 1))
{
*(pos++) = ':';
}
}
return buf;
}
static json_t *
cp_to_j (
const struct GNUNET_HashCode *seed,
struct TALER_AgeCommitmentProof *acp,
uint8_t seq)
{
json_t *j_commitment;
json_t *j_proof;
json_t *j_pubs;
json_t *j_privs;
struct TALER_AgeCommitmentHash hac = {0};
char buf[256] = {0};
TALER_age_commitment_hash (&acp->commitment, &hac);
j_pubs = json_array ();
GNUNET_assert (NULL != j_pubs);
for (unsigned int i = 0; i < acp->commitment.num; i++)
{
json_t *j_pub = GNUNET_JSON_PACK (
GNUNET_JSON_pack_data_auto (NULL,
&acp->commitment.keys[i]));
json_array_append_new (j_pubs, j_pub);
}
j_commitment = GNUNET_JSON_PACK (
GNUNET_JSON_pack_uint64 ("num", acp->commitment.num),
GNUNET_JSON_pack_array_steal ("edx25519_pubs", j_pubs),
GNUNET_JSON_pack_data_auto ("h_age_commitment", &hac));
j_privs = json_array ();
GNUNET_assert (NULL != j_privs);
for (unsigned int i = 0; i < acp->proof.num; i++)
{
json_t *j_priv = GNUNET_JSON_PACK (
GNUNET_JSON_pack_data_auto (NULL,
&acp->proof.keys[i]));
json_array_append_new (j_privs, j_priv);
}
j_proof = GNUNET_JSON_PACK (
GNUNET_JSON_pack_uint64 ("num", acp->proof.num),
GNUNET_JSON_pack_array_steal ("edx25519_privs", j_privs));
if (0 == seq)
{
strcpy (buf, "commit()");
}
else
{
sprintf (buf,
"derive_from(%d)",
seq);
}
return GNUNET_JSON_PACK (
GNUNET_JSON_pack_string ("generated_by", buf),
GNUNET_JSON_pack_data_auto ("seed", seed),
GNUNET_JSON_pack_object_steal ("proof", j_proof),
GNUNET_JSON_pack_object_steal ("commitment", j_commitment));
};
static json_t *
generate (
struct TALER_AgeMask *mask)
{
uint8_t age;
json_t *j_commitproofs;
j_commitproofs = json_array ();
for (age = 0; age < 24; age += 2)
{
json_t *j_top = json_object ();
json_t *j_seq = json_array ();
enum GNUNET_GenericReturnValue ret;
struct TALER_AgeCommitmentProof acp[3] = {0};
uint8_t age_group = get_age_group (mask, age);
struct GNUNET_HashCode seed;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&seed,
sizeof(seed));
json_object_set (j_top,
"commited_age",
json_integer (age));
ret = TALER_age_restriction_commit (mask,
age,
&seed,
&acp[0]);
GNUNET_assert (GNUNET_OK == ret);
/* Also derive two more commitments right away */
for (uint8_t i = 0; i<2; i++)
{
uint64_t salt = GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK,
UINT64_MAX / 2);
GNUNET_assert (GNUNET_OK ==
TALER_age_commitment_derive (&acp[i],
salt,
&acp[i + 1]));
}
for (uint8_t i = 0; i < 3; i++)
{
json_t *j_cp = cp_to_j (&seed, &acp[i], i);
json_t *j_attestations = json_array ();
for (uint8_t min = 0; min < 22; min++)
{
json_t *j_attest = json_object ();
json_t *j_reason;
uint8_t min_group = get_age_group (mask, min);
struct TALER_AgeAttestation at = {0};
json_object_set (j_attest,
"required_minimum_age",
json_integer (min));
json_object_set (j_attest,
"calculated_age_group",
json_integer (min_group));
ret = TALER_age_commitment_attest (&acp[i],
min,
&at);
if (0 == min_group)
j_reason = json_string (
"not required: age group is 0");
else if (min_group > age_group)
j_reason = json_string (
"not applicable: commited age too small");
else
j_reason = GNUNET_JSON_PACK (
GNUNET_JSON_pack_data_auto (NULL, &at));
json_object_set (j_attest,
"attestation",
j_reason);
json_array_append_new (j_attestations,
j_attest);
}
json_object_set (j_cp, "attestations", j_attestations);
json_array_append (j_seq, j_cp);
TALER_age_commitment_proof_free (&acp[i]);
}
json_object_set (j_top, "commitment_proof_attestation_seq", j_seq);
json_array_append_new (j_commitproofs, j_top);
}
return j_commitproofs;
}
int
main (int argc,
const char *const argv[])
{
(void) argc;
(void) argv;
json_t *j_data = json_array ();
for (unsigned int i = 0; i < 2; i++)
{
struct TALER_AgeMask mask = age_masks[i];
json_t *j_test = json_object ();
json_object_set (j_test,
"age_groups",
json_string (age_mask_to_string (&mask)));
json_object_set (j_test,
"age_mask",
json_integer (mask.bits));
json_object_set (j_test,
"test_data",
generate (&mask));
json_array_append_new (j_data, j_test);
}
printf ("%s\n", json_dumps (j_data, JSON_INDENT (2)
| JSON_COMPACT));
json_decref (j_data);
return 0;
}
/* end of tv_age_restriction.c */

9764
src/util/tv_age_restriction.json Normal file
View File

File diff suppressed because it is too large Load Diff