taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

conditionally use (un)blinding implementation from libgnunetutil

Browse Source
This commit is contained in:
Florian Dold 2020-12-04 12:09:27 +01:00
parent 86dd5d46dd
commit d3b714922f
No known key found for this signature in database
GPG Key ID: D2E4F00F29D02A4B
5 changed files with 129 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/exchange/taler-exchange-httpd_recoup.c
View File

@ -438,11 +438,11 @@ verify_and_execute_recoup (struct MHD_Connection *connection,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
&c_hash); &c_hash);
if (GNUNET_YES != if (GNUNET_YES !=
GNUNET_CRYPTO_rsa_blind (&c_hash, TALER_rsa_blind (&c_hash,
&coin_bks->bks, &coin_bks->bks,
dki->denom_pub.rsa_public_key, dki->denom_pub.rsa_public_key,
&coin_ev, &coin_ev,
&coin_ev_size)) &coin_ev_size))
{ {
GNUNET_break (0); GNUNET_break (0);
TEH_KS_release (key_state); TEH_KS_release (key_state);

33
src/include/taler_crypto_lib.h
View File

@ -1142,4 +1142,37 @@ TALER_merchant_wire_signature_make (
struct TALER_MerchantSignatureP *merch_sig); struct TALER_MerchantSignatureP *merch_sig);
/**
* Blinds the given message with the given blinding key
*
* @param hash hash of the message to sign
* @param bkey the blinding key
* @param pkey the public key of the signer
* @param[out] buf set to a buffer with the blinded message to be signed
* @param[out] buf_size number of bytes stored in @a buf
* @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
*/
int
TALER_rsa_blind (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey,
void **buf,
size_t *buf_size);
/**
* Unblind a blind-signed signature. The signature should have been generated
* with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
* #GNUNET_CRYPTO_rsa_blind().
*
* @param sig the signature made on the blinded signature purpose
* @param bks the blinding key secret used to blind the signature purpose
* @param pkey the public key of the signer
* @return unblinded signature on success, NULL if RSA key is bad or malicious.
*/
struct GNUNET_CRYPTO_RsaSignature *
TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey);
#endif #endif

6
src/lib/exchange_api_link.c
View File

@ -123,9 +123,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
/* extract coin and signature */ /* extract coin and signature */
*coin_priv = fc.coin_priv; *coin_priv = fc.coin_priv;
sig->rsa_signature sig->rsa_signature
= GNUNET_CRYPTO_rsa_unblind (bsig, = TALER_rsa_unblind (bsig,
&fc.blinding_key.bks, &fc.blinding_key.bks,
rpub); rpub);
/* verify link_sig */ /* verify link_sig */
{ {
struct TALER_PlanchetDetail pd; struct TALER_PlanchetDetail pd;

83
src/util/crypto.c
View File

@ -25,6 +25,19 @@
#include "taler_util.h" #include "taler_util.h"
#include <gcrypt.h> #include <gcrypt.h>
/**
* Should we use the RSA blind signing implementation
* from libgnunetutil? The blinding only works
* correctly with a current version of libgnunetutil.
*
* Only applies to blinding and unblinding, but
* not to blind signing.
*
* FIXME: Can we define some macro for this in configure.ac
* to detect the version?
*/
#define USE_GNUNET_RSA_BLINDING 1
/** /**
* Function called by libgcrypt on serious errors. * Function called by libgcrypt on serious errors.
@ -245,11 +258,11 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
c_hash); c_hash);
if (GNUNET_YES != if (GNUNET_YES !=
GNUNET_CRYPTO_rsa_blind (c_hash, TALER_rsa_blind (c_hash,
&ps->blinding_key.bks, &ps->blinding_key.bks,
dk->rsa_public_key, dk->rsa_public_key,
&pd->coin_ev, &pd->coin_ev,
&pd->coin_ev_size)) &pd->coin_ev_size))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return GNUNET_SYSERR; return GNUNET_SYSERR;
@ -280,9 +293,9 @@ TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
{ {
struct GNUNET_CRYPTO_RsaSignature *sig; struct GNUNET_CRYPTO_RsaSignature *sig;
sig = GNUNET_CRYPTO_rsa_unblind (blind_sig, sig = TALER_rsa_unblind (blind_sig,
&ps->blinding_key.bks, &ps->blinding_key.bks,
dk->rsa_public_key); dk->rsa_public_key);
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_rsa_verify (c_hash, GNUNET_CRYPTO_rsa_verify (c_hash,
sig, sig,
@ -381,4 +394,58 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
} }
/**
* Blinds the given message with the given blinding key
*
* @param hash hash of the message to sign
* @param bkey the blinding key
* @param pkey the public key of the signer
* @param[out] buf set to a buffer with the blinded message to be signed
* @param[out] buf_size number of bytes stored in @a buf
* @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
*/
int
TALER_rsa_blind (const struct GNUNET_HashCode *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey,
void **buf,
size_t *buf_size)
{
#if USE_GNUNET_RSA_BLINDING
return GNUNET_CRYPTO_rsa_blind (hash,
bks,
pkey,
buf,
buf_size);
#else
# error "FIXME: implement"
#endif
}
/**
* Unblind a blind-signed signature. The signature should have been generated
* with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
* #GNUNET_CRYPTO_rsa_blind().
*
* @param sig the signature made on the blinded signature purpose
* @param bks the blinding key secret used to blind the signature purpose
* @param pkey the public key of the signer
* @return unblinded signature on success, NULL if RSA key is bad or malicious.
*/
struct GNUNET_CRYPTO_RsaSignature *
TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey)
{
#if USE_GNUNET_RSA_BLINDING
return GNUNET_CRYPTO_rsa_unblind (sig,
bks,
pkey);
#else
# error "FIXME: implement"
#endif
}
/* end of crypto.c */ /* end of crypto.c */

26
src/util/test_helper_rsa.c
View File

@ -254,11 +254,11 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
void *buf; void *buf;
size_t buf_size; size_t buf_size;
GNUNET_assert (GNUNET_YES == GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_rsa_blind (&m_hash, TALER_rsa_blind (&m_hash,
&bks, &bks,
keys[i].denom_pub.rsa_public_key, keys[i].denom_pub.rsa_public_key,
&buf, &buf,
&buf_size)); &buf_size));
GNUNET_log (GNUNET_ERROR_TYPE_INFO, GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Requesting signature over %u bytes with key %s\n", "Requesting signature over %u bytes with key %s\n",
(unsigned int) buf_size, (unsigned int) buf_size,
@ -290,9 +290,9 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
{ {
struct GNUNET_CRYPTO_RsaSignature *rs; struct GNUNET_CRYPTO_RsaSignature *rs;
rs = GNUNET_CRYPTO_rsa_unblind (ds.rsa_signature, rs = TALER_rsa_unblind (ds.rsa_signature,
&bks, &bks,
keys[i].denom_pub.rsa_public_key); keys[i].denom_pub.rsa_public_key);
if (NULL == rs) if (NULL == rs)
{ {
GNUNET_break (0); GNUNET_break (0);
@ -409,11 +409,11 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
size_t buf_size; size_t buf_size;
GNUNET_assert (GNUNET_YES == GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_rsa_blind (&m_hash, TALER_rsa_blind (&m_hash,
&bks, &bks,
keys[i].denom_pub.rsa_public_key, keys[i].denom_pub.rsa_public_key,
&buf, &buf,
&buf_size)); &buf_size));
/* use this key as long as it works */ /* use this key as long as it works */
while (1) while (1)
{ {