taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

address #3731: no need for session public key or signature

Browse Source
This commit is contained in:
Christian Grothoff 2015-03-24 17:13:17 +01:00
parent 55959bd01d
commit f052af1e6b
6 changed files with 9 additions and 193 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/include/taler_crypto_lib.h
View File

@ -93,32 +93,6 @@ struct TALER_MerchantPrivateKey
}; };
/**
* Type of public keys used by clients to sign
* messages during a melting session.
*/
struct TALER_SessionPublicKey
{
/**
* Taler uses EdDSA for melting session keys.
*/
struct GNUNET_CRYPTO_EddsaPublicKey eddsa_pub;
};
/**
* Type of public keys used by clients to sign
* messages during a melting session.
*/
struct TALER_SessionPrivateKey
{
/**
* Taler uses EdDSA for melting session keys.
*/
struct GNUNET_CRYPTO_EddsaPrivateKey eddsa_priv;
};
/** /**
* Type of transfer public keys used during refresh * Type of transfer public keys used during refresh
* operations. * operations.
@ -147,19 +121,6 @@ struct TALER_TransferPrivateKey
}; };
/**
* Type of signatures used by clients to sign
* messages during a melting session.
*/
struct TALER_SessionSignature
{
/**
* Taler uses EdDSA for melting session keys.
*/
struct GNUNET_CRYPTO_EddsaSignature eddsa_signature;
};
/** /**
* Type of online public keys used by the mint to sign * Type of online public keys used by the mint to sign
* messages. * messages.

70
src/include/taler_signatures.h
View File

@ -60,29 +60,17 @@
*/ */
#define TALER_SIGNATURE_REFRESH_MELT_COIN 5 #define TALER_SIGNATURE_REFRESH_MELT_COIN 5
/**
* Signature where the refresh session confirms
* the commits.
*/
#define TALER_SIGNATURE_REFRESH_MELT_SESSION 6
/** /**
* Signature where the mint (current signing key) * Signature where the mint (current signing key)
* confirms the no-reveal index for cut-and-choose and * confirms the no-reveal index for cut-and-choose and
* the validity of the melted coins. * the validity of the melted coins.
*/ */
#define TALER_SIGNATURE_REFRESH_MELT_RESPONSE 7 #define TALER_SIGNATURE_REFRESH_MELT_RESPONSE 6
/**
* Signature where coins confirm that they want
* to be melted into a certain session.
*/
#define TALER_SIGNATURE_REFRESH_MELT_CONFIRM 9
/** /**
* Signature where the Mint confirms a deposit request. * Signature where the Mint confirms a deposit request.
*/ */
#define TALER_SIGNATURE_MINT_DEPOSIT 10 #define TALER_SIGNATURE_MINT_DEPOSIT 7
/***********************/ /***********************/
@ -277,40 +265,6 @@ struct RefreshMeltCoinSignature
}; };
/**
* Message signed by a coin to indicate that the coin should
* be melted.
*/
struct RefreshMeltSessionSignature
{
/**
* Purpose is #TALER_SIGNATURE_REFRESH_MELT_SESSION
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Which melting operation should the coin become a part of.
*/
struct GNUNET_HashCode melt_hash;
/**
* Public key of the refresh session for which
* @e melt_client_signature must be a valid signature.
*/
struct TALER_SessionPublicKey session_key;
/**
* What is the total value of the coins created during the
* refresh, including melting fee!
*/
struct TALER_AmountNBO amount_with_fee;
/* FIXME: we should probably also include the value of
the melting fee here as well! */
};
/** /**
* Format of the block signed by the Mint in response to a successful * Format of the block signed by the Mint in response to a successful
* "/refresh/melt" request. Hereby the mint affirms that all of the * "/refresh/melt" request. Hereby the mint affirms that all of the
@ -336,26 +290,6 @@ struct RefreshMeltResponseSignatureBody
}; };
/**
* Message signed by the client requesting the final
* result of the melting operation.
*/
struct RefreshMeltConfirmSignRequestBody
{
/**
* Purpose is #TALER_SIGNATURE_REFRESH_MELT_CONFIRM.
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
// FIXME: We probably need more info in here...
/**
* Public key the client uses for this session.
*/
struct TALER_SessionPublicKey session_pub;
};
/** /**
* Information about a signing key of the mint. Signing keys are used * Information about a signing key of the mint. Signing keys are used
* to sign mint messages other than coins, i.e. to confirm that a * to sign mint messages other than coins, i.e. to confirm that a

9
src/mint/taler-mint-httpd_db.c
View File

@ -494,7 +494,6 @@ refresh_accept_melts (struct MHD_Connection *connection,
struct TALER_MINTDB_Session *session, struct TALER_MINTDB_Session *session,
const struct MintKeyState *key_state, const struct MintKeyState *key_state,
const struct GNUNET_HashCode *session_hash, const struct GNUNET_HashCode *session_hash,
const struct TALER_SessionPublicKey *session_pub,
const struct TALER_CoinPublicInfo *coin_public_info, const struct TALER_CoinPublicInfo *coin_public_info,
const struct MeltDetails *coin_details, const struct MeltDetails *coin_details,
uint16_t oldcoin_index) uint16_t oldcoin_index)
@ -587,9 +586,6 @@ refresh_accept_melts (struct MHD_Connection *connection,
* *
* @param connection the MHD connection to handle * @param connection the MHD connection to handle
* @param session_hash hash code of the session the coins are melted into * @param session_hash hash code of the session the coins are melted into
* @param refresh_session_pub public key of the refresh session
* @param client_signature signature of the client (matching @a refresh_session_pub)
* over the melting request
* @param num_new_denoms number of entries in @a denom_pubs, size of y-dimension of @commit_coin array * @param num_new_denoms number of entries in @a denom_pubs, size of y-dimension of @commit_coin array
* @param denum_pubs public keys of the coins we want to withdraw in the end * @param denum_pubs public keys of the coins we want to withdraw in the end
* @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details, size of y-dimension of @commit_link array * @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details, size of y-dimension of @commit_link array
@ -606,8 +602,6 @@ refresh_accept_melts (struct MHD_Connection *connection,
int int
TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash, const struct GNUNET_HashCode *session_hash,
const struct TALER_SessionPublicKey *refresh_session_pub,
const struct TALER_SessionSignature *client_signature,
unsigned int num_new_denoms, unsigned int num_new_denoms,
const struct TALER_DenominationPublicKey *denom_pubs, const struct TALER_DenominationPublicKey *denom_pubs,
unsigned int coin_count, unsigned int coin_count,
@ -665,7 +659,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
session, session,
key_state, key_state,
session_hash, session_hash,
refresh_session_pub,
&coin_public_infos[i], &coin_public_infos[i],
&coin_melt_details[i], &coin_melt_details[i],
i))) i)))
@ -724,8 +717,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
/* store 'global' session data */ /* store 'global' session data */
refresh_session.melt_sig = *client_signature;
refresh_session.refresh_session_pub = *refresh_session_pub;
refresh_session.num_oldcoins = coin_count; refresh_session.num_oldcoins = coin_count;
refresh_session.num_newcoins = num_new_denoms; refresh_session.num_newcoins = num_new_denoms;
refresh_session.kappa = KAPPA; // FIXME... (#3711) refresh_session.kappa = KAPPA; // FIXME... (#3711)

4
src/mint/taler-mint-httpd_db.h
View File

@ -108,8 +108,6 @@ struct MeltDetails
* *
* @param connection the MHD connection to handle * @param connection the MHD connection to handle
* @param session_hash hash code of the session the coins are melted into * @param session_hash hash code of the session the coins are melted into
* @param client_signature signature of the client (matching @a refresh_session_pub)
* over the melting request
* @param num_new_denoms number of entries in @a denom_pubs, size of y-dimension of @commit_coin array * @param num_new_denoms number of entries in @a denom_pubs, size of y-dimension of @commit_coin array
* @param denum_pubs array of public denomination keys for the refresh (?) * @param denum_pubs array of public denomination keys for the refresh (?)
* @param coin_count number of entries in @a coin_public_infos and @ a coin_melt_details, size of y-dimension of @commit_link array * @param coin_count number of entries in @a coin_public_infos and @ a coin_melt_details, size of y-dimension of @commit_link array
@ -126,8 +124,6 @@ struct MeltDetails
int int
TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection, TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash, const struct GNUNET_HashCode *session_hash,
const struct TALER_SessionPublicKey *refresh_session_pub,
const struct TALER_SessionSignature *client_signature,
unsigned int num_new_denoms, unsigned int num_new_denoms,
const struct TALER_DenominationPublicKey *denom_pubs, const struct TALER_DenominationPublicKey *denom_pubs,
unsigned int coin_count, unsigned int coin_count,

65
src/mint/taler-mint-httpd_refresh.c
View File

@ -40,13 +40,12 @@
* and then hand things of to execute the melt operation. * and then hand things of to execute the melt operation.
* *
* @param connection the MHD connection to handle * @param connection the MHD connection to handle
* @param refresh_session_pub public key of the melt operation
* @param num_new_denoms number of coins to be created, size of y-dimension of @commit_link array * @param num_new_denoms number of coins to be created, size of y-dimension of @commit_link array
* @param denom_pubs array of @a num_new_denoms keys * @param denom_pubs array of @a num_new_denoms keys
* @param coin_count number of coins to be melted, size of y-dimension of @commit_coin array * @param coin_count number of coins to be melted, size of y-dimension of @commit_coin array
* @param coin_public_infos array with @a coin_count entries about the coins * @param coin_public_infos array with @a coin_count entries about the coins
* @param coin_melt_details array with @a coin_count entries with melting details * @param coin_melt_details array with @a coin_count entries with melting details
* @param commit_hash hash over the data that the client commits to * @param session_hash hash over the data that the client commits to
* @param commit_client_sig signature of the client over this commitment * @param commit_client_sig signature of the client over this commitment
* @param kappa size of x-dimension of @commit_coin and @commit_link arrays * @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param commit_coin 2d array of coin commitments (what the mint is to sign * @param commit_coin 2d array of coin commitments (what the mint is to sign
@ -58,21 +57,18 @@
*/ */
static int static int
handle_refresh_melt_binary (struct MHD_Connection *connection, handle_refresh_melt_binary (struct MHD_Connection *connection,
const struct TALER_SessionPublicKey *refresh_session_pub,
unsigned int num_new_denoms, unsigned int num_new_denoms,
const struct TALER_DenominationPublicKey *denom_pubs, const struct TALER_DenominationPublicKey *denom_pubs,
unsigned int coin_count, unsigned int coin_count,
struct TALER_CoinPublicInfo *coin_public_infos, struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details, const struct MeltDetails *coin_melt_details,
const struct GNUNET_HashCode *commit_hash, const struct GNUNET_HashCode *session_hash,
const struct TALER_SessionSignature *commit_client_sig,
unsigned int kappa, unsigned int kappa,
struct RefreshCommitCoin *const* commit_coin, struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link) struct RefreshCommitLink *const* commit_link)
{ {
unsigned int i; unsigned int i;
struct RefreshMeltSessionSignature body;
struct MintKeyState *key_state; struct MintKeyState *key_state;
struct TALER_MINT_DenomKeyIssue *dki; struct TALER_MINT_DenomKeyIssue *dki;
struct TALER_Amount cost; struct TALER_Amount cost;
@ -83,27 +79,6 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
struct TALER_Amount fee_melt; struct TALER_Amount fee_melt;
struct TALER_Amount total_melt; struct TALER_Amount total_melt;
/* check that signature from the session public key is ok */
body.purpose.purpose = htonl (TALER_SIGNATURE_REFRESH_MELT_SESSION);
body.purpose.size = htonl (sizeof (struct RefreshMeltSessionSignature));
body.melt_hash = *commit_hash;
TALER_amount_hton (&body.amount_with_fee,
&coin_melt_details->melt_amount_with_fee);
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_REFRESH_MELT_SESSION,
&body.purpose,
&commit_client_sig->eddsa_signature,
&refresh_session_pub->eddsa_pub))
{
GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"signature invalid (did not verify)\n");
return TALER_MINT_reply_json_pack (connection,
MHD_HTTP_UNAUTHORIZED,
"{s:s}",
"error",
"invalid signature (verification)");
}
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
TALER_amount_get_zero (MINT_CURRENCY, TALER_amount_get_zero (MINT_CURRENCY,
&total_cost)); &total_cost));
@ -174,9 +149,7 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
"error", "value mismatch"); "error", "value mismatch");
} }
return TALER_MINT_db_execute_refresh_melt (connection, return TALER_MINT_db_execute_refresh_melt (connection,
commit_hash, session_hash,
refresh_session_pub,
commit_client_sig,
num_new_denoms, num_new_denoms,
denom_pubs, denom_pubs,
coin_count, coin_count,
@ -382,7 +355,6 @@ free_commit_links (struct RefreshCommitLink **commit_link,
* #handle_refresh_melt_binary(). * #handle_refresh_melt_binary().
* *
* @param connection the MHD connection to handle * @param connection the MHD connection to handle
* @param refresh_session_pub public key of the melt operation
* @param new_denoms array of denomination keys * @param new_denoms array of denomination keys
* @param melt_coins array of coins to melt * @param melt_coins array of coins to melt
* @param melt_sig_json signature affirming the melt operation * @param melt_sig_json signature affirming the melt operation
@ -398,7 +370,6 @@ free_commit_links (struct RefreshCommitLink **commit_link,
*/ */
static int static int
handle_refresh_melt_json (struct MHD_Connection *connection, handle_refresh_melt_json (struct MHD_Connection *connection,
const struct TALER_SessionPublicKey *refresh_session_pub,
const json_t *new_denoms, const json_t *new_denoms,
const json_t *melt_coins, const json_t *melt_coins,
const json_t *melt_sig_json, const json_t *melt_sig_json,
@ -420,19 +391,14 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
struct TALER_CoinPublicInfo *coin_public_infos; struct TALER_CoinPublicInfo *coin_public_infos;
struct MeltDetails *coin_melt_details; struct MeltDetails *coin_melt_details;
unsigned int coin_count; unsigned int coin_count;
struct GNUNET_HashCode commit_hash; struct GNUNET_HashCode session_hash;
struct GNUNET_HashContext *hash_context; struct GNUNET_HashContext *hash_context;
struct RefreshCommitCoin *commit_coin[kappa]; struct RefreshCommitCoin *commit_coin[kappa];
struct RefreshCommitLink *commit_link[kappa]; struct RefreshCommitLink *commit_link[kappa];
const struct TALER_SessionSignature commit_client_sig;
/* For the signature check, we hash most of the inputs together /* For the signature check, we hash most of the inputs together
(except for the signatures on the coins). */ (except for the signatures on the coins). */
hash_context = GNUNET_CRYPTO_hash_context_start (); hash_context = GNUNET_CRYPTO_hash_context_start ();
GNUNET_CRYPTO_hash_context_read (hash_context,
refresh_session_pub,
sizeof (struct TALER_SessionPublicKey));
num_new_denoms = json_array_size (new_denoms); num_new_denoms = json_array_size (new_denoms);
denom_pubs = GNUNET_malloc (num_new_denoms * denom_pubs = GNUNET_malloc (num_new_denoms *
sizeof (struct TALER_DenominationPublicKey)); sizeof (struct TALER_DenominationPublicKey));
@ -625,25 +591,13 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
} }
GNUNET_CRYPTO_hash_context_finish (hash_context, GNUNET_CRYPTO_hash_context_finish (hash_context,
&commit_hash); &session_hash);
res = GNUNET_MINT_parse_navigate_json (connection,
commit_signature,
JNAV_FIELD,
"sig",
JNAV_RET_DATA,
&commit_client_sig,
sizeof (struct TALER_SessionSignature));
if (GNUNET_OK != res)
return (GNUNET_NO == res) ? MHD_YES : MHD_NO;
for (i=0;i<coin_count;i++) for (i=0;i<coin_count;i++)
{ {
/* verify signatures on coins to melt */ /* verify signatures on coins to melt */
res = verify_coin_public_info (connection, res = verify_coin_public_info (connection,
&commit_hash, &session_hash,
&coin_public_infos[i], &coin_public_infos[i],
&coin_melt_details[i]); &coin_melt_details[i]);
if (GNUNET_OK != res) if (GNUNET_OK != res)
@ -655,14 +609,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
/* execute commit */ /* execute commit */
res = handle_refresh_melt_binary (connection, res = handle_refresh_melt_binary (connection,
refresh_session_pub,
num_new_denoms, num_new_denoms,
denom_pubs, denom_pubs,
coin_count, coin_count,
coin_public_infos, coin_public_infos,
coin_melt_details, coin_melt_details,
&commit_hash, &session_hash,
&commit_client_sig,
kappa, kappa,
commit_coin, commit_coin,
commit_link); commit_link);
@ -716,10 +668,8 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
unsigned int num_oldcoins; unsigned int num_oldcoins;
unsigned int num_newcoins; unsigned int num_newcoins;
json_t *coin_detail; json_t *coin_detail;
struct TALER_SessionPublicKey refresh_session_pub;
int res; int res;
struct GNUNET_MINT_ParseFieldSpec spec[] = { struct GNUNET_MINT_ParseFieldSpec spec[] = {
TALER_MINT_PARSE_FIXED ("session_pub", &refresh_session_pub),
TALER_MINT_PARSE_ARRAY ("new_denoms", &new_denoms), TALER_MINT_PARSE_ARRAY ("new_denoms", &new_denoms),
TALER_MINT_PARSE_ARRAY ("melt_coins", &melt_coins), TALER_MINT_PARSE_ARRAY ("melt_coins", &melt_coins),
TALER_MINT_PARSE_ARRAY ("melt_signature", &melt_sig_json), TALER_MINT_PARSE_ARRAY ("melt_signature", &melt_sig_json),
@ -787,7 +737,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
num_oldcoins = json_array_size (coin_detail); num_oldcoins = json_array_size (coin_detail);
res = handle_refresh_melt_json (connection, res = handle_refresh_melt_json (connection,
&refresh_session_pub,
new_denoms, new_denoms,
melt_coins, melt_coins,
melt_sig_json, melt_sig_json,

15
src/mint/taler_mintdb_plugin.h
View File

@ -235,21 +235,6 @@ struct Deposit
*/ */
struct RefreshSession struct RefreshSession
{ {
/**
* Signature over the commitments by the client.
*/
struct TALER_SessionSignature commit_sig;
/**
* Public key the client uses to sign messages in
* this exchange.
*/
struct TALER_SessionPublicKey refresh_session_pub;
/**
* Signature over the melt by the client.
*/
struct TALER_SessionSignature melt_sig;
/** /**
* Number of coins we are melting. * Number of coins we are melting.