taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add support for batch signing in RSA

Browse Source
This commit is contained in:
Christian Grothoff 2022-11-13 14:46:43 +01:00
parent f2eba7b8b7
commit b93b9dd074
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
2 changed files with 406 additions and 150 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

306
src/util/crypto_helper_rsa.c
View File

@ -623,6 +623,7 @@ TALER_CRYPTO_helper_rsa_batch_sign (
rsrs_length); rsrs_length);
rpos = 0; rpos = 0;
rend = 0; rend = 0;
wpos = 0;
while (rpos < rsrs_length) while (rpos < rsrs_length)
{ {
unsigned int mlen = sizeof (struct TALER_CRYPTO_BatchSignRequest); unsigned int mlen = sizeof (struct TALER_CRYPTO_BatchSignRequest);
@ -639,15 +640,15 @@ TALER_CRYPTO_helper_rsa_batch_sign (
char obuf[mlen] GNUNET_ALIGN; char obuf[mlen] GNUNET_ALIGN;
struct TALER_CRYPTO_BatchSignRequest *bsr struct TALER_CRYPTO_BatchSignRequest *bsr
= (struct TALER_CRYPTO_BatchSignRequest *) obuf; = (struct TALER_CRYPTO_BatchSignRequest *) obuf;
void *wpos; void *wbuf;
bsr->header.type = htons (TALER_HELPER_RSA_MT_REQ_BATCH_SIGN); bsr->header.type = htons (TALER_HELPER_RSA_MT_REQ_BATCH_SIGN);
bsr->header.size = htons (mlen); bsr->header.size = htons (mlen);
bsr->batch_size = htonl (rend - rpos); bsr->batch_size = htonl (rend - rpos);
wpos = &bsr[1]; wbuf = &bsr[1];
for (unsigned int i = rpos; i<rend; i++) for (unsigned int i = rpos; i<rend; i++)
{ {
struct TALER_CRYPTO_SignRequest *sr = wpos; struct TALER_CRYPTO_SignRequest *sr = wbuf;
const struct TALER_CRYPTO_RsaSignRequest *rsr = &rsrs[i]; const struct TALER_CRYPTO_RsaSignRequest *rsr = &rsrs[i];
sr->header.type = htons (TALER_HELPER_RSA_MT_REQ_SIGN); sr->header.type = htons (TALER_HELPER_RSA_MT_REQ_SIGN);
@ -657,9 +658,13 @@ TALER_CRYPTO_helper_rsa_batch_sign (
memcpy (&sr[1], memcpy (&sr[1],
rsr->msg, rsr->msg,
rsr->msg_size); rsr->msg_size);
wpos += sizeof (*sr) + rsr->msg_size; wbuf += sizeof (*sr) + rsr->msg_size;
} }
GNUNET_assert (wpos == &obuf[mlen]); GNUNET_assert (wbuf == &obuf[mlen]);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Sending batch request [%u-%u)\n",
rpos,
rend);
if (GNUNET_OK != if (GNUNET_OK !=
TALER_crypto_helper_send_all (dh->sock, TALER_crypto_helper_send_all (dh->sock,
obuf, obuf,
@ -672,170 +677,175 @@ TALER_CRYPTO_helper_rsa_batch_sign (
} }
} }
rpos = rend; rpos = rend;
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Awaiting reply\n");
wpos = 0;
{
char buf[UINT16_MAX];
size_t off = 0;
const struct GNUNET_MessageHeader *hdr
= (const struct GNUNET_MessageHeader *) buf;
bool finished = false;
while (1)
{ {
uint16_t msize; char buf[UINT16_MAX];
ssize_t ret; size_t off = 0;
const struct GNUNET_MessageHeader *hdr
= (const struct GNUNET_MessageHeader *) buf;
bool finished = false;
ret = recv (dh->sock, while (1)
&buf[off], {
sizeof (buf) - off, uint16_t msize;
(finished && (0 == off)) ssize_t ret;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Awaiting reply at %u (up to %u)\n",
wpos,
rend);
ret = recv (dh->sock,
&buf[off],
sizeof (buf) - off,
(finished && (0 == off))
? MSG_DONTWAIT ? MSG_DONTWAIT
: 0); : 0);
if (ret < 0) if (ret < 0)
{
if (EINTR == errno)
continue;
if (EAGAIN == errno)
{ {
GNUNET_assert (finished); if (EINTR == errno)
GNUNET_assert (0 == off); continue;
if (EAGAIN == errno)
{
GNUNET_assert (finished);
GNUNET_assert (0 == off);
break;
}
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING,
"recv");
do_disconnect (dh);
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_UNAVAILABLE;
break;
}
if (0 == ret)
{
GNUNET_break (0 == off);
if (! finished)
ec = TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
if (TALER_EC_NONE == ec)
break;
return ec; return ec;
} }
GNUNET_log_strerror (GNUNET_ERROR_TYPE_WARNING, off += ret;
"recv");
do_disconnect (dh);
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_UNAVAILABLE;
break;
}
if (0 == ret)
{
GNUNET_break (0 == off);
if (! finished)
ec = TALER_EC_EXCHANGE_SIGNKEY_HELPER_BUG;
return ec;
}
off += ret;
more: more:
if (off < sizeof (struct GNUNET_MessageHeader)) if (off < sizeof (struct GNUNET_MessageHeader))
continue; continue;
msize = ntohs (hdr->size); msize = ntohs (hdr->size);
if (off < msize) if (off < msize)
continue; continue;
switch (ntohs (hdr->type)) switch (ntohs (hdr->type))
{
case TALER_HELPER_RSA_MT_RES_SIGNATURE:
if (msize < sizeof (struct TALER_CRYPTO_SignResponse))
{ {
GNUNET_break_op (0); case TALER_HELPER_RSA_MT_RES_SIGNATURE:
do_disconnect (dh); if (msize < sizeof (struct TALER_CRYPTO_SignResponse))
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
goto end;
}
if (finished)
{
GNUNET_break_op (0);
do_disconnect (dh);
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
goto end;
}
{
const struct TALER_CRYPTO_SignResponse *sr =
(const struct TALER_CRYPTO_SignResponse *) buf;
struct GNUNET_CRYPTO_RsaSignature *rsa_signature;
rsa_signature = GNUNET_CRYPTO_rsa_signature_decode (
&sr[1],
msize - sizeof (*sr));
if (NULL == rsa_signature)
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
do_disconnect (dh); do_disconnect (dh);
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG; return TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
goto end;
} }
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, if (finished)
"Received %u signature\n",
wpos);
bss[wpos].cipher = TALER_DENOMINATION_RSA;
bss[wpos].details.blinded_rsa_signature = rsa_signature;
wpos++;
if (wpos == rsrs_length)
{ {
ec = TALER_EC_NONE; GNUNET_break_op (0);
finished = true; do_disconnect (dh);
return TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
} }
break; {
} const struct TALER_CRYPTO_SignResponse *sr =
case TALER_HELPER_RSA_MT_RES_SIGN_FAILURE: (const struct TALER_CRYPTO_SignResponse *) buf;
if (msize != sizeof (struct TALER_CRYPTO_SignFailure)) struct GNUNET_CRYPTO_RsaSignature *rsa_signature;
{
GNUNET_break_op (0);
do_disconnect (dh);
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
goto end;
}
{
const struct TALER_CRYPTO_SignFailure *sf =
(const struct TALER_CRYPTO_SignFailure *) buf;
ec = (enum TALER_ErrorCode) ntohl (sf->ec); rsa_signature = GNUNET_CRYPTO_rsa_signature_decode (
&sr[1],
msize - sizeof (*sr));
if (NULL == rsa_signature)
{
GNUNET_break_op (0);
do_disconnect (dh);
return TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
}
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Received %u signature\n",
wpos);
bss[wpos].cipher = TALER_DENOMINATION_RSA;
bss[wpos].details.blinded_rsa_signature = rsa_signature;
wpos++;
if (wpos == rend)
{
if (TALER_EC_INVALID == ec)
ec = TALER_EC_NONE;
finished = true;
}
break;
}
case TALER_HELPER_RSA_MT_RES_SIGN_FAILURE:
if (msize != sizeof (struct TALER_CRYPTO_SignFailure))
{
GNUNET_break_op (0);
do_disconnect (dh);
return TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
}
{
const struct TALER_CRYPTO_SignFailure *sf =
(const struct TALER_CRYPTO_SignFailure *) buf;
ec = (enum TALER_ErrorCode) ntohl (sf->ec);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Signing failed with status %d!\n",
ec);
wpos++;
if (wpos == rend)
{
finished = true;
}
break;
}
case TALER_HELPER_RSA_MT_AVAIL:
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Signing failed!\n"); "Received new key!\n");
finished = true; if (GNUNET_OK !=
handle_mt_avail (dh,
hdr))
{
GNUNET_break_op (0);
do_disconnect (dh);
return TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
}
break; /* while(1) loop ensures we recvfrom() again */
case TALER_HELPER_RSA_MT_PURGE:
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Received revocation!\n");
if (GNUNET_OK !=
handle_mt_purge (dh,
hdr))
{
GNUNET_break_op (0);
do_disconnect (dh);
return TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
}
break; /* while(1) loop ensures we recvfrom() again */
case TALER_HELPER_RSA_SYNCED:
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Synchronized add odd time with RSA helper!\n");
dh->synced = true;
break; break;
} default:
case TALER_HELPER_RSA_MT_AVAIL:
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Received new key!\n");
if (GNUNET_OK !=
handle_mt_avail (dh,
hdr))
{
GNUNET_break_op (0); GNUNET_break_op (0);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Received unexpected message of type %u\n",
ntohs (hdr->type));
do_disconnect (dh); do_disconnect (dh);
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG; return TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
goto end;
} }
break; /* while(1) loop ensures we recvfrom() again */ memmove (buf,
case TALER_HELPER_RSA_MT_PURGE: &buf[msize],
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, off - msize);
"Received revocation!\n"); off -= msize;
if (GNUNET_OK != goto more;
handle_mt_purge (dh, } /* while(1) */
hdr)) } /* scope */
{ } /* while (rpos < rsrs_length) */
GNUNET_break_op (0); GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
do_disconnect (dh); "Existing with %u signatures and status %d\n",
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG; wpos,
goto end; ec);
} return ec;
break; /* while(1) loop ensures we recvfrom() again */
case TALER_HELPER_RSA_SYNCED:
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"Synchronized add odd time with RSA helper!\n");
dh->synced = true;
break;
default:
GNUNET_break_op (0);
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Received unexpected message of type %u\n",
ntohs (hdr->type));
do_disconnect (dh);
ec = TALER_EC_EXCHANGE_DENOMINATION_HELPER_BUG;
goto end;
}
memmove (buf,
&buf[msize],
off - msize);
off -= msize;
goto more;
} /* while(1) */
end:
return ec;
}
} }

250
src/util/test_helper_rsa.c
View File

@ -1,6 +1,6 @@
/* /*
This file is part of TALER This file is part of TALER
(C) 2020, 2021 Taler Systems SA (C) 2020, 2021, 2022 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software terms of the GNU General Public License as published by the Free Software
@ -440,6 +440,223 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
} }
/**
* Test batch signing logic.
*
* @param dh handle to the helper
* @param batch_size how large should the batch be
* @param check_sigs also check unknown key and signatures
* @return 0 on success
*/
static int
test_batch_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
unsigned int batch_size,
bool check_sigs)
{
struct TALER_BlindedDenominationSignature ds[batch_size];
enum TALER_ErrorCode ec;
bool success = false;
struct TALER_PlanchetMasterSecretP ps[batch_size];
struct TALER_ExchangeWithdrawValues alg_values[batch_size];
struct TALER_AgeCommitmentHash ach[batch_size];
struct TALER_CoinPubHashP c_hash[batch_size];
struct TALER_CoinSpendPrivateKeyP coin_priv[batch_size];
union TALER_DenominationBlindingKeyP bks[batch_size];
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&ps,
sizeof (ps));
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&ach,
sizeof(ach));
for (unsigned int i = 0; i<batch_size; i++)
{
alg_values[i].cipher = TALER_DENOMINATION_RSA;
TALER_planchet_setup_coin_priv (&ps[i],
&alg_values[i],
&coin_priv[i]);
TALER_planchet_blinding_secret_create (&ps[i],
&alg_values[i],
&bks[i]);
}
for (unsigned int k = 0; k<MAX_KEYS; k++)
{
if (success && ! check_sigs)
break; /* only do one round */
if (! keys[k].valid)
continue;
if (TALER_DENOMINATION_RSA != keys[k].denom_pub.cipher)
continue;
{
struct TALER_PlanchetDetail pd[batch_size];
struct TALER_CRYPTO_RsaSignRequest rsr[batch_size];
for (unsigned int i = 0; i<batch_size; i++)
{
pd[i].blinded_planchet.cipher = TALER_DENOMINATION_RSA;
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[k].denom_pub,
&alg_values[i],
&bks[i],
&coin_priv[i],
&ach[i],
&c_hash[i],
&pd[i]));
rsr[i].h_rsa
= &keys[k].h_rsa;
rsr[i].msg
= pd[i].blinded_planchet.details.rsa_blinded_planchet.blinded_msg;
rsr[i].msg_size
= pd[i].blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size;
}
ec = TALER_CRYPTO_helper_rsa_batch_sign (dh,
rsr,
batch_size,
ds);
for (unsigned int i = 0; i<batch_size; i++)
{
if (TALER_EC_NONE == ec)
GNUNET_break (TALER_DENOMINATION_RSA ==
ds[i].cipher);
TALER_blinded_planchet_free (&pd[i].blinded_planchet);
}
}
switch (ec)
{
case TALER_EC_NONE:
if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_remaining (
keys[k].start_time.abs_time),
>,
GNUNET_TIME_UNIT_SECONDS))
{
/* key worked too early */
GNUNET_break (0);
return 4;
}
if (GNUNET_TIME_relative_cmp (GNUNET_TIME_absolute_get_duration (
keys[k].start_time.abs_time),
>,
keys[k].validity_duration))
{
/* key worked too later */
GNUNET_break (0);
return 5;
}
for (unsigned int i = 0; i<batch_size; i++)
{
struct TALER_DenominationSignature rs;
if (check_sigs)
{
if (GNUNET_OK !=
TALER_denom_sig_unblind (&rs,
&ds[i],
&bks[i],
&c_hash[i],
&alg_values[i],
&keys[k].denom_pub))
{
GNUNET_break (0);
return 6;
}
}
TALER_blinded_denom_sig_free (&ds[i]);
if (check_sigs)
{
if (GNUNET_OK !=
TALER_denom_pub_verify (&keys[k].denom_pub,
&rs,
&c_hash[i]))
{
/* signature invalid */
GNUNET_break (0);
TALER_denom_sig_free (&rs);
return 7;
}
TALER_denom_sig_free (&rs);
}
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Received valid signature for key %s\n",
GNUNET_h2s (&keys[k].h_rsa.hash));
success = true;
break;
case TALER_EC_EXCHANGE_DENOMINATION_HELPER_TOO_EARLY:
/* This 'failure' is expected, we're testing also for the
error handling! */
for (unsigned int i = 0; i<batch_size; i++)
TALER_blinded_denom_sig_free (&ds[i]);
if ( (GNUNET_TIME_relative_is_zero (
GNUNET_TIME_absolute_get_remaining (
keys[k].start_time.abs_time))) &&
(GNUNET_TIME_relative_cmp (
GNUNET_TIME_absolute_get_duration (
keys[k].start_time.abs_time),
<,
keys[k].validity_duration)) )
{
/* key should have worked! */
GNUNET_break (0);
return 6;
}
break;
case TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN:
for (unsigned int i = 0; i<batch_size; i++)
TALER_blinded_denom_sig_free (&ds[i]);
default:
/* unexpected error */
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Unexpected error %d at %s:%u\n",
ec,
__FILE__,
__LINE__);
for (unsigned int i = 0; i<batch_size; i++)
TALER_blinded_denom_sig_free (&ds[i]);
return 7;
}
}
if (! success)
{
/* no valid key for signing found, also bad */
GNUNET_break (0);
return 16;
}
/* check signing does not work if the key is unknown */
if (check_sigs)
{
struct TALER_RsaPubHashP rnd;
struct TALER_CRYPTO_RsaSignRequest rsr = {
.h_rsa = &rnd,
.msg = "Hello",
.msg_size = strlen ("Hello")
};
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
&rnd,
sizeof (rnd));
ec = TALER_CRYPTO_helper_rsa_batch_sign (dh,
&rsr,
1,
ds);
if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec)
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Signing with invalid key returned unexpected status %d\n",
ec);
if (TALER_EC_NONE == ec)
TALER_blinded_denom_sig_free (ds);
GNUNET_break (0);
return 17;
}
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Signing with invalid key %s failed as desired\n",
GNUNET_h2s (&rnd.hash));
}
return 0;
}
/** /**
* Benchmark signing logic. * Benchmark signing logic.
* *
@ -614,7 +831,8 @@ run_test (void)
return 77; return 77;
} }
fprintf (stderr, "Waiting for helper to start ... "); fprintf (stderr,
"Waiting for helper to start ... ");
for (unsigned int i = 0; i<100; i++) for (unsigned int i = 0; i<100; i++)
{ {
nanosleep (&req, nanosleep (&req,
@ -649,6 +867,34 @@ run_test (void)
ret = test_revocation (dh); ret = test_revocation (dh);
if (0 == ret) if (0 == ret)
ret = test_signing (dh); ret = test_signing (dh);
if (0 == ret)
ret = test_batch_signing (dh,
2,
true);
if (0 == ret)
ret = test_batch_signing (dh,
256,
true);
for (unsigned int i = 0; i<5; i++)
{
static unsigned int batches[] = { 1, 4, 16, 64, 256 };
unsigned int batch_size = batches[i];
struct GNUNET_TIME_Absolute start;
struct GNUNET_TIME_Relative duration;
start = GNUNET_TIME_absolute_get ();
if (0 != ret)
break;
ret = test_batch_signing (dh,
batch_size,
false);
duration = GNUNET_TIME_absolute_get_duration (start);
fprintf (stderr,
"%4u (batch) signature operations took %s (total real time)\n",
(unsigned int) batch_size,
GNUNET_STRINGS_relative_time_to_string (duration,
GNUNET_YES));
}
if (0 == ret) if (0 == ret)
ret = perf_signing (dh, ret = perf_signing (dh,
"sequential"); "sequential");