conditionally use (un)blinding implementation from libgnunetutil

Florian Dold 2020-12-04 12:09:27 +01:00
parent 86dd5d46dd
commit d3b714922f
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
5 changed files with 129 additions and 29 deletions


@ -438,7 +438,7 @@ verify_and_execute_recoup (struct MHD_Connection *connection,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
&c_hash); &c_hash);
if (GNUNET_YES != if (GNUNET_YES !=
GNUNET_CRYPTO_rsa_blind (&c_hash, TALER_rsa_blind (&c_hash,
&coin_bks->bks, &coin_bks->bks,
dki->denom_pub.rsa_public_key, dki->denom_pub.rsa_public_key,
&coin_ev, &coin_ev,


@ -1142,4 +1142,37 @@ TALER_merchant_wire_signature_make (
struct TALER_MerchantSignatureP *merch_sig); struct TALER_MerchantSignatureP *merch_sig);
/**
* Blinds the given message with the given blinding key
*
* @param hash hash of the message to sign
* @param bkey the blinding key
* @param pkey the public key of the signer
* @param[out] buf set to a buffer with the blinded message to be signed
* @param[out] buf_size number of bytes stored in @a buf
* @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
*/
int
TALER_rsa_blind (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey,
void **buf,
size_t *buf_size);
/**
* Unblind a blind-signed signature. The signature should have been generated
* with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
* #GNUNET_CRYPTO_rsa_blind().
*
* @param sig the signature made on the blinded signature purpose
* @param bks the blinding key secret used to blind the signature purpose
* @param pkey the public key of the signer
* @return unblinded signature on success, NULL if RSA key is bad or malicious.
*/
struct GNUNET_CRYPTO_RsaSignature *
TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey);
#endif #endif
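Review bot: The doc comment on the new TALER_rsa_blind declaration documents `@param bkey`, but the parameter is declared as `bks`, so the description is not attached to any argument; it should read `@param bks the blinding key secret`. The same comment is copied onto the definition in the section that ends with `/* end of crypto.c */`. The TALER_rsa_unblind comment still says the hash was blinded with `#GNUNET_CRYPTO_rsa_blind()`; now that callers go through the wrapper it should reference `#TALER_rsa_blind()`. Since `GNUNET_NO` and `NULL` are how a bad or malicious signer key is reported, the comments should also say that callers must check the result, and who releases `*buf` on success (presumably the caller, as with the GNUnet function, but that is not stated here).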


@ -123,7 +123,7 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
/* extract coin and signature */ /* extract coin and signature */
*coin_priv = fc.coin_priv; *coin_priv = fc.coin_priv;
sig->rsa_signature sig->rsa_signature
= GNUNET_CRYPTO_rsa_unblind (bsig, = TALER_rsa_unblind (bsig,
&fc.blinding_key.bks, &fc.blinding_key.bks,
rpub); rpub);
/* verify link_sig */ /* verify link_sig */


@ -25,6 +25,19 @@
#include "taler_util.h" #include "taler_util.h"
#include <gcrypt.h> #include <gcrypt.h>
/**
* Should we use the RSA blind signing implementation
* from libgnunetutil? The blinding only works
* correctly with a current version of libgnunetutil.
*
* Only applies to blinding and unblinding, but
* not to blind signing.
*
* FIXME: Can we define some macro for this in configure.ac
* to detect the version?
*/
#define USE_GNUNET_RSA_BLINDING 1
/** /**
* Function called by libgcrypt on serious errors. * Function called by libgcrypt on serious errors.
@ -245,7 +258,7 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
c_hash); c_hash);
if (GNUNET_YES != if (GNUNET_YES !=
GNUNET_CRYPTO_rsa_blind (c_hash, TALER_rsa_blind (c_hash,
&ps->blinding_key.bks, &ps->blinding_key.bks,
dk->rsa_public_key, dk->rsa_public_key,
&pd->coin_ev, &pd->coin_ev,
@ -280,7 +293,7 @@ TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
{ {
struct GNUNET_CRYPTO_RsaSignature *sig; struct GNUNET_CRYPTO_RsaSignature *sig;
sig = GNUNET_CRYPTO_rsa_unblind (blind_sig, sig = TALER_rsa_unblind (blind_sig,
&ps->blinding_key.bks, &ps->blinding_key.bks,
dk->rsa_public_key); dk->rsa_public_key);
if (GNUNET_OK != if (GNUNET_OK !=
@ -381,4 +394,58 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
} }
/**
* Blinds the given message with the given blinding key
*
* @param hash hash of the message to sign
* @param bkey the blinding key
* @param pkey the public key of the signer
* @param[out] buf set to a buffer with the blinded message to be signed
* @param[out] buf_size number of bytes stored in @a buf
* @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
*/
int
TALER_rsa_blind (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey,
void **buf,
size_t *buf_size)
{
#if USE_GNUNET_RSA_BLINDING
return GNUNET_CRYPTO_rsa_blind (hash,
bks,
pkey,
buf,
buf_size);
#else
# error "FIXME: implement"
#endif
}
/**
* Unblind a blind-signed signature. The signature should have been generated
* with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
* #GNUNET_CRYPTO_rsa_blind().
*
* @param sig the signature made on the blinded signature purpose
* @param bks the blinding key secret used to blind the signature purpose
* @param pkey the public key of the signer
* @return unblinded signature on success, NULL if RSA key is bad or malicious.
*/
struct GNUNET_CRYPTO_RsaSignature *
TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey)
{
#if USE_GNUNET_RSA_BLINDING
return GNUNET_CRYPTO_rsa_unblind (sig,
bks,
pkey);
#else
# error "FIXME: implement"
#endif
}
/* end of crypto.c */ /* end of crypto.c */
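Review bot: `USE_GNUNET_RSA_BLINDING` is defined unconditionally to 1, so the `# error "FIXME: implement"` branches in TALER_rsa_blind and TALER_rsa_unblind can never be selected, and a build against an older libgnunetutil compiles cleanly while using the blinding that the comment itself describes as not working correctly. Until the configure.ac check mentioned in the FIXME exists, make the define overridable so the build system or a packager can turn it off and get the hard error: `#ifndef USE_GNUNET_RSA_BLINDING` / `#define USE_GNUNET_RSA_BLINDING 1` / `#endif`. For a blind-signature scheme an incorrect blinding step is likely more than a cosmetic problem, so failing at configure or compile time is preferable to silently linking whatever version is installed.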


@ -254,7 +254,7 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
void *buf; void *buf;
size_t buf_size; size_t buf_size;
GNUNET_assert (GNUNET_YES == GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_rsa_blind (&m_hash, TALER_rsa_blind (&m_hash,
&bks, &bks,
keys[i].denom_pub.rsa_public_key, keys[i].denom_pub.rsa_public_key,
&buf, &buf,
@ -290,7 +290,7 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
{ {
struct GNUNET_CRYPTO_RsaSignature *rs; struct GNUNET_CRYPTO_RsaSignature *rs;
rs = GNUNET_CRYPTO_rsa_unblind (ds.rsa_signature, rs = TALER_rsa_unblind (ds.rsa_signature,
&bks, &bks,
keys[i].denom_pub.rsa_public_key); keys[i].denom_pub.rsa_public_key);
if (NULL == rs) if (NULL == rs)
@ -409,7 +409,7 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
size_t buf_size; size_t buf_size;
GNUNET_assert (GNUNET_YES == GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_rsa_blind (&m_hash, TALER_rsa_blind (&m_hash,
&bks, &bks,
keys[i].denom_pub.rsa_public_key, keys[i].denom_pub.rsa_public_key,
&buf, &buf,