added CS data structures, implemented CS keypair

Gian Demarmels 2021-12-17 14:35:10 +01:00
parent 0a459aeb13
commit f3fb7c29e6
No known key found for this signature in database
GPG Key ID: 030CEDDCCC92D778
16 changed files with 463 additions and 104 deletions


@ -518,21 +518,19 @@ run (void *cls,
return;
}
TALER_blinding_secret_create (&bks);
TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA);
GNUNET_assert (GNUNET_OK ==
TALER_denom_blind (&denom_pub,
&bks,
NULL, /* FIXME-oec */
&coin_pub,
&c_hash,
&pd.coin_ev,
&pd.coin_ev_size));
&pd.blinded_planchet));
GNUNET_assert (GNUNET_OK ==
TALER_denom_sign_blinded (&bds,
&pk,
pd.coin_ev,
pd.coin_ev_size));
GNUNET_free (pd.coin_ev);
&pd.blinded_planchet));
GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
GNUNET_assert (GNUNET_OK ==
TALER_denom_sig_unblind (&denom_sig,
&bds,


@ -243,9 +243,11 @@ verify_and_execute_recoup (
}
{
//FIXME:
void *coin_ev;
size_t coin_ev_size;
struct TALER_CoinPubHash c_hash;
struct TALER_BlindedPlanchet blinded_planchet;
if (GNUNET_OK !=
TALER_denom_blind (&dk->denom_pub,
@ -253,8 +255,7 @@ verify_and_execute_recoup (
NULL, /* FIXME-Oec: TALER_AgeHash * */
&coin->coin_pub,
&c_hash,
&coin_ev,
&coin_ev_size))
&blinded_planchet))
{
GNUNET_break (0);
return TALER_MHD_reply_with_error (
@ -263,10 +264,12 @@ verify_and_execute_recoup (
TALER_EC_EXCHANGE_RECOUP_BLINDING_FAILED,
NULL);
}
TALER_coin_ev_hash (coin_ev,
coin_ev_size,
&pc.h_blind);
GNUNET_free (coin_ev);
TALER_coin_ev_hash (
blinded_planchet.details.rsa_blinded_planchet.blinded_msg,
blinded_planchet.details.rsa_blinded_planchet.
blinded_msg_size,
&pc.h_blind);
GNUNET_free (blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
}
pc.coin_sig = coin_sig;
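Review bot: After the TALER_denom_blind() call the new code hashes and frees `blinded_planchet.details.rsa_blinded_planchet.blinded_msg` without looking at `blinded_planchet.cipher`, so the RSA arm of the union is read whatever denomination type `dk->denom_pub` carries. With TALER_DENOMINATION_CS enabled by this commit, a non-RSA planchet reaching these lines would have unrelated union bytes treated as a pointer and passed to GNUNET_free(); whether TALER_denom_blind() can return GNUNET_OK for CS yet is not visible here. In this request handler I would reject with the existing TALER_EC_EXCHANGE_RECOUP_BLINDING_FAILED reply when `TALER_DENOMINATION_RSA != blinded_planchet.cipher`, and move the release into one cipher-switching free helper for struct TALER_BlindedPlanchet. The same direct access to the RSA member appears in check_commitment, parse_link_coin, TALER_EXCHANGE_refresh_prepare, TALER_EXCHANGE_refreshes_reveal, TALER_EXCHANGE_withdraw and TALER_EXCHANGE_withdraw2. verify_and_execute_recoup starts and ends outside these hunks.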


@ -193,8 +193,10 @@ check_commitment (struct RevealContext *rctx,
&ps,
&c_hash,
&pd));
rcd->coin_ev = pd.coin_ev;
rcd->coin_ev_size = pd.coin_ev_size;
rcd->coin_ev =
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg;
rcd->coin_ev_size =
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size;
}
}
}


@ -531,10 +531,8 @@ handle_link_data_cb (void *cls,
break;
}
}
GNUNET_assert (found);
}
}
//FIXME:
GNUNET_assert (GNUNET_NO != found);
/**
* Callback that should never be called.
@ -1469,7 +1467,7 @@ run (void *cls)
struct TALER_CoinSpendPublicKeyP coin_pub;
struct TALER_AgeHash age_hash;
struct TALER_AgeHash *p_ah[2] = {NULL, &age_hash};
//FIXME:
/* Call TALER_denom_blind()/TALER_denom_sign_blinded() twice, once without
* age_hash, once with age_hash */
RND_BLK (&age_hash);
@ -1495,6 +1493,25 @@ run (void *cls)
pd.coin_ev_size));
GNUNET_free (pd.coin_ev);
}
RND_BLK (&coin_pub);
TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA);
GNUNET_assert (GNUNET_OK ==
TALER_denom_blind (&dkp->pub,
&bks,
NULL, /* FIXME-Oec */
&coin_pub,
&c_hash,
&pd.blinded_planchet));
TALER_coin_ev_hash (
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg,
pd.blinded_planchet.details.rsa_blinded_planchet.
blinded_msg_size,
&cbc.h_coin_envelope);
GNUNET_assert (GNUNET_OK ==
TALER_denom_sign_blinded (&cbc.sig,
&dkp->priv,
&pd.blinded_planchet));
GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
}
cbc.reserve_pub = reserve_pub;


@ -353,9 +353,15 @@ struct TALER_CoinSpendSignatureP
/**
* @brief Type of blinding keys for Taler.
* must be 32 bytes
*/
union TALER_DenominationBlindingKeyP
{
/**
* Clause Schnorr Signatures have 2 blinding secrets, each containing two unpredictable values.
*/
struct GNUNET_CRYPTO_CsNonce nonce;
/**
* Taler uses RSA for blind signatures.
*/
@ -575,9 +581,9 @@ enum TALER_DenominationCipher
TALER_DENOMINATION_RSA = 1,
/**
* Clause-Schnorr blind signature.
* Clause Blind Schnorr signature.
*/
// TALER_DENOMINATION_CS = 2
TALER_DENOMINATION_CS = 2
};
@ -597,6 +603,10 @@ struct TALER_DenominationSignature
*/
union
{
/**
* If we use #TALER_DENOMINATION_CS in @a cipher.
*/
struct GNUNET_CRYPTO_CsSignature cs_signature;
/**
* If we use #TALER_DENOMINATION_RSA in @a cipher.
@ -607,6 +617,24 @@ struct TALER_DenominationSignature
};
/**
* The Sign Answer for Clause B lind Schnorr signature.
* The sign operation returns a parameter @param b and the signature
* scalar @param s_scalar.
* The function does not return the whole signature, due to that is only the blinded s_scalar.
*/
struct TALER_BlindedDenominationCsSignAnswer
{
/**
* To make ROS problem harder, the signer chooses an unpredictable b and only calculates signature of c_b
*/
unsigned int b;
/**
* The blinded s scalar calculated from c_b
*/
struct GNUNET_CRYPTO_CsBlindS s_scalar;
};
/**
* @brief Type for *blinded* denomination signatures for Taler.
@ -625,6 +653,12 @@ struct TALER_BlindedDenominationSignature
*/
union
{
/**
* If we use #TALER_DENOMINATION_CS in @a cipher.
* At this point only the blinded s scalar is used.
* The final signature consisting of r,s is built after unblinding.
*/
struct TALER_BlindedDenominationCsSignAnswer blinded_cs_answer;
/**
* If we use #TALER_DENOMINATION_RSA in @a cipher.
@ -657,6 +691,10 @@ struct TALER_DenominationPublicKey
*/
union
{
/**
* If we use #TALER_DENOMINATION_CS in @a cipher.
*/
struct GNUNET_CRYPTO_CsPublicKey cs_public_key;
/**
* If we use #TALER_DENOMINATION_RSA in @a cipher.
@ -683,6 +721,10 @@ struct TALER_DenominationPrivateKey
*/
union
{
/**
* If we use #TALER_DENOMINATION_CS in @a cipher.
*/
struct GNUNET_CRYPTO_CsPrivateKey cs_private_key;
/**
* If we use #TALER_DENOMINATION_RSA in @a cipher.
@ -692,6 +734,141 @@ struct TALER_DenominationPrivateKey
} details;
};
/**
* @brief RSA Parameters to create blinded signature
*
*/
struct TALER_BlindedRsaPlanchet
{
/**
* blinded message to be signed
* Note: is malloc()'ed!
*/
void *blinded_msg;
/**
* size of the blinded message to be signed
*/
size_t blinded_msg_size;
};
/**
* @brief CS Parameters to create blinded signature
*
*/
struct TALER_BlindedCsPlanchet
{
/**
* Withdraw or refresh nonce used for derivation
*/
struct GNUNET_CRYPTO_CsNonce nonce;
/**
* The Clause Schnorr c_0 and c_1 containing the blinded message
*/
struct GNUNET_CRYPTO_CsC c[2];
};
/**
* @brief Type including Parameters to create blinded signature
*
*/
struct TALER_BlindedPlanchet
{
/**
* Type of the sign blinded message
*/
enum TALER_DenominationCipher cipher;
/**
* Details, depending on @e cipher.
*/
union
{
/**
* If we use #TALER_DENOMINATION_CS in @a cipher.
*/
struct TALER_BlindedCsPlanchet cs_blinded_planchet;
/**
* If we use #TALER_DENOMINATION_RSA in @a cipher.
*/
struct TALER_BlindedRsaPlanchet rsa_blinded_planchet;
} details;
};
/**
* @brief RSA Parameters to create blinded messages
*
*/
struct TALER_DenominationBlindMessageRsaParams
{
/**
* blinded message to be signed
* Note: is malloc()'ed!
*/
void **coin_ev;
/**
* size of the blinded message to be signed
*/
size_t *coin_ev_size;
};
/**
* @brief CS Parameters to create blinded messages
*
*/
struct TALER_DenominationBlindMessageCsParams
{
};
/**
* @brief Type including Parameters to create blinded message
*
*/
struct TALER_DenominationBlindMessageParams
{
/**
* Details, depending on @e cipher.
*/
union
{
/**
* If we use #TALER_DENOMINATION_CS in @a cipher.
*/
struct TALER_DenominationBlindMessageCsParams cs_blind_msg_params;
/**
* If we use #TALER_DENOMINATION_RSA in @a cipher.
*/
struct TALER_DenominationBlindMessageRsaParams rsa_blind_msg_params;
} details;
};
/**
* @brief CS Blinding Secret parameters to derive blinding secrets
*
*/
struct TALER_PlanchetDeriveCsBlindingSecrets
{
/**
* Secret to derive blinding secrets from
*/
void *secret;
/**
* size of the secret to derive blinding secrets from
*/
size_t secret_len;
};
/**
* @brief Public information about a coin (including the public key
@ -768,7 +945,9 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
* @param[out] bs blinding secret to initialize
*/
void
TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs);
TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
enum TALER_DenominationCipher cipher,
...);
/**
@ -827,8 +1006,7 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
const struct TALER_AgeHash *age_commitment_hash,
const struct TALER_CoinSpendPublicKeyP *coin_pub,
struct TALER_CoinPubHash *c_hash,
void **coin_ev,
size_t *coin_ev_size);
struct TALER_BlindedPlanchet *blinded_planchet);
/**
@ -843,8 +1021,7 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
enum GNUNET_GenericReturnValue
TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
const struct TALER_DenominationPrivateKey *denom_priv,
void *blinded_msg,
size_t blinded_msg_size);
const struct TALER_BlindedPlanchet *blinded_planchet);
/**
@ -1056,7 +1233,7 @@ struct TALER_PlanchetSecretsP
struct TALER_CoinSpendPrivateKeyP coin_priv;
/**
* The blinding key.
* The blinding key. must be 32 byte
*/
union TALER_DenominationBlindingKeyP blinding_key;
@ -1080,14 +1257,9 @@ struct TALER_PlanchetDetail
struct TALER_DenominationHash denom_pub_hash;
/**
* Blinded coin (see GNUNET_CRYPTO_rsa_blind()). Note: is malloc()'ed!
* The blinded planchet
*/
void *coin_ev;
/**
* Number of bytes in @a coin_ev.
*/
size_t coin_ev_size;
struct TALER_BlindedPlanchet blinded_planchet;
};
@ -1224,7 +1396,9 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
* @param[out] ps value to initialize
*/
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps);
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
enum TALER_DenominationCipher cipher,
...);
/**
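Review bot: The prototypes of TALER_blinding_secret_create() and TALER_planchet_setup_random() become variadic, but the doc comments above them still describe only the first parameter, so the header does not say what has to follow `cipher`. The implementation in this commit reads a `struct TALER_PlanchetDeriveCsBlindingSecrets *` through va_arg for TALER_DENOMINATION_CS and nothing for RSA, and a caller that selects CS without passing that pointer gets undefined behaviour the compiler cannot diagnose. I would add `@param cipher blind signature scheme the secret is created for` and `@param ... for #TALER_DENOMINATION_CS a struct TALER_PlanchetDeriveCsBlindingSecrets *, nothing for #TALER_DENOMINATION_RSA` to both comments. The comment placed on the `nonce` member of union TALER_DenominationBlindingKeyP describes two blinding secrets rather than the field it documents, and should say what the nonce itself holds.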


@ -155,20 +155,25 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
GNUNET_CRYPTO_hash (pd.coin_ev,
pd.coin_ev_size,
&coin_envelope_hash.hash);
//FIXME:
if (GNUNET_OK !=
TALER_wallet_link_verify (&pd.denom_pub_hash,
trans_pub,
&coin_envelope_hash,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg_size,
&old_coin_pub,
&link_sig))
{
GNUNET_break_op (0);
GNUNET_free (pd.coin_ev);
GNUNET_free (
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
GNUNET_JSON_parse_free (spec);
return GNUNET_SYSERR;
}
GNUNET_free (pd.coin_ev);
GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
}
/* clean up */


@ -441,8 +441,10 @@ TALER_EXCHANGE_refresh_prepare (
return NULL;
}
rcd->dk = &md.fresh_pks[j];
rcd->coin_ev = pd.coin_ev;
rcd->coin_ev_size = pd.coin_ev_size;
rcd->coin_ev =
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg;
rcd->coin_ev_size =
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size;
}
}


@ -370,15 +370,22 @@ TALER_EXCHANGE_refreshes_reveal (
}
GNUNET_assert (0 ==
json_array_append_new (coin_evs,
GNUNET_JSON_from_data (pd.coin_ev,
pd.coin_ev_size)));
GNUNET_JSON_from_data (
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg,
pd.
blinded_planchet.details.
rsa_blinded_planchet.
blinded_msg_size)));
{
struct TALER_CoinSpendSignatureP link_sig;
TALER_wallet_link_sign (&denom_hash,
&transfer_pub,
pd.coin_ev,
pd.coin_ev_size,
pd.blinded_planchet.details.rsa_blinded_planchet.
blinded_msg,
pd.blinded_planchet.details.rsa_blinded_planchet.
blinded_msg_size,
&md->melted_coin.coin_priv,
&link_sig);
GNUNET_assert (0 ==
@ -386,7 +393,7 @@ TALER_EXCHANGE_refreshes_reveal (
link_sigs,
GNUNET_JSON_from_data_auto (&link_sig)));
}
GNUNET_free (pd.coin_ev);
GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
}
/* build array of transfer private keys */


@ -200,7 +200,7 @@ TALER_EXCHANGE_withdraw (
reserve_priv,
&handle_reserve_withdraw_finished,
wh);
GNUNET_free (pd.coin_ev);
GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
return wh;
}


@ -437,9 +437,11 @@ TALER_EXCHANGE_withdraw2 (
TALER_amount_hton (&req.amount_with_fee,
&wh->requested_amount);
TALER_coin_ev_hash (pd->coin_ev,
pd->coin_ev_size,
&req.h_coin_envelope);
TALER_coin_ev_hash (
pd->blinded_planchet.details.rsa_blinded_planchet.blinded_msg,
pd->blinded_planchet.details.rsa_blinded_planchet.
blinded_msg_size,
&req.h_coin_envelope);
GNUNET_CRYPTO_eddsa_sign (&reserve_priv->eddsa_priv,
&req,
&reserve_sig.eddsa_signature);
@ -452,8 +454,10 @@ TALER_EXCHANGE_withdraw2 (
GNUNET_JSON_pack_data_auto ("denom_pub_hash",
&pd->denom_pub_hash),
GNUNET_JSON_pack_data_varsize ("coin_ev",
pd->coin_ev,
pd->coin_ev_size),
pd->blinded_planchet.details.
rsa_blinded_planchet.blinded_msg,
pd->blinded_planchet.details.
rsa_blinded_planchet.blinded_msg_size),
GNUNET_JSON_pack_data_auto ("reserve_sig",
&reserve_sig));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,


@ -203,21 +203,19 @@ insert_deposit_run (void *cls,
struct TALER_BlindedDenominationSignature bds;
union TALER_DenominationBlindingKeyP bks;
TALER_blinding_secret_create (&bks);
TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA);
GNUNET_assert (GNUNET_OK ==
TALER_denom_blind (&dpk,
&bks,
NULL, /* FIXME-Oec */
&deposit.coin.coin_pub,
&c_hash,
&pd.coin_ev,
&pd.coin_ev_size));
&pd.blinded_planchet));
GNUNET_assert (GNUNET_OK ==
TALER_denom_sign_blinded (&bds,
&denom_priv,
pd.coin_ev,
pd.coin_ev_size));
GNUNET_free (pd.coin_ev);
&pd.blinded_planchet));
GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
GNUNET_assert (GNUNET_OK ==
TALER_denom_sig_unblind (&deposit.coin.denom_sig,
&bds,


@ -388,7 +388,7 @@ withdraw_run (void *cls,
&ws->reserve_pub);
if (NULL == ws->reuse_coin_key_ref)
{
TALER_planchet_setup_random (&ws->ps);
TALER_planchet_setup_random (&ws->ps, TALER_DENOMINATION_RSA);
}
else
{
@ -409,7 +409,7 @@ withdraw_run (void *cls,
TALER_TESTING_get_trait_coin_priv (cref,
index,
&coin_priv));
TALER_planchet_setup_random (&ws->ps);
TALER_planchet_setup_random (&ws->ps, TALER_DENOMINATION_RSA);
ws->ps.coin_priv = *coin_priv;
}
if (NULL == ws->pk)


@ -167,11 +167,68 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps)
blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs,
enum TALER_DenominationCipher cipher,
va_list ap)
{
switch (cipher)
{
case TALER_DENOMINATION_INVALID:
GNUNET_break (0);
return;
case TALER_DENOMINATION_RSA:
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
&bs->rsa_bks,
sizeof (struct
GNUNET_CRYPTO_RsaBlindingKeySecret));
return;
case TALER_DENOMINATION_CS:
{
// TODO: nonce teil ist noch falsch. da kommt bs[2] zurück, was wir nicht speichern wollen!
struct TALER_PlanchetDeriveCsBlindingSecrets*seed;
seed = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
// GNUNET_CRYPTO_cs_blinding_secrets_derive(&seed->secret,
// seed->secret_len,
// &bs->nonce);
return;
}
default:
GNUNET_break (0);
}
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
bs,
sizeof (*bs));
}
void
TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
enum TALER_DenominationCipher cipher,
...)
{
va_list ap;
va_start (ap, cipher);
blinding_secret_create_va (bs, cipher, ap);
va_end (ap);
}
void
TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
enum TALER_DenominationCipher cipher,
...)
{
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
ps,
sizeof (*ps));
&ps->coin_priv,
sizeof (struct TALER_CoinSpendPrivateKeyP));
va_list ap;
va_start (ap, cipher);
blinding_secret_create_va (&ps->blinding_key, cipher, ap);
va_end (ap);
}
@ -191,8 +248,7 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
NULL, /* FIXME-Oec */
&coin_pub,
c_hash,
&pd->coin_ev,
&pd->coin_ev_size))
&pd->blinded_planchet))
{
GNUNET_break (0);
return GNUNET_SYSERR;
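Review bot: In blinding_secret_create_va() the TALER_DENOMINATION_CS case returns without writing `*bs`: the derive call is commented out, `seed` is fetched and never used, and the caller keeps whatever bytes were in the blinding key. This matters more after the change to TALER_planchet_setup_random(), which now randomises only `ps->coin_priv` instead of the whole `*ps`, so for CS the `blinding_key` member stays uninitialised and would be used as secret material by later code. Until derivation is wired in, the branch should not return silently; `GNUNET_break (0);` together with a defined value for `*bs` makes the gap visible instead of leaving stack contents in a key. The remaining TODO is in German (roughly: the nonce part is still wrong, bs[2] comes back and should not be stored) and would be easier to follow up on in English.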


@ -34,6 +34,10 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
memset (denom_pub,
0,
sizeof (*denom_pub));
denom_priv->cipher = cipher;
denom_pub->cipher = cipher;
switch (cipher)
{
case TALER_DENOMINATION_INVALID:
@ -63,10 +67,13 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
denom_pub->details.rsa_public_key
= GNUNET_CRYPTO_rsa_private_key_get_public (
denom_priv->details.rsa_private_key);
denom_priv->cipher = cipher;
denom_pub->cipher = cipher;
return GNUNET_OK;
// TODO: add case for Clause-Schnorr
case TALER_DENOMINATION_CS:
GNUNET_CRYPTO_cs_private_key_generate (&denom_priv->details.cs_private_key);
GNUNET_CRYPTO_cs_private_key_get_public (
&denom_priv->details.cs_private_key,
&denom_pub->details.cs_public_key);
return GNUNET_OK;
default:
GNUNET_break (0);
}
@ -77,8 +84,7 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
enum GNUNET_GenericReturnValue
TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
const struct TALER_DenominationPrivateKey *denom_priv,
void *blinded_msg,
size_t blinded_msg_size)
const struct TALER_BlindedPlanchet *blinded_planchet)
{
memset (denom_sig,
0,
@ -92,8 +98,8 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
denom_sig->details.blinded_rsa_signature
= GNUNET_CRYPTO_rsa_sign_blinded (
denom_priv->details.rsa_private_key,
blinded_msg,
blinded_msg_size);
blinded_planchet->details.rsa_blinded_planchet.blinded_msg,
blinded_planchet->details.rsa_blinded_planchet.blinded_msg_size);
if (NULL == denom_sig->details.blinded_rsa_signature)
{
GNUNET_break (0);
@ -147,15 +153,6 @@ TALER_denom_sig_unblind (
}
void
TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs)
{
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
bs,
sizeof (*bs));
}
/**
* Hash @a rsa.
*
@ -238,21 +235,28 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk,
const struct TALER_AgeHash *age_commitment_hash,
const struct TALER_CoinSpendPublicKeyP *coin_pub,
struct TALER_CoinPubHash *c_hash,
void **coin_ev,
size_t *coin_ev_size)
struct TALER_BlindedPlanchet *blinded_planchet)
{
// if (dk->cipher != blinded_planchet->cipher)
// {
// GNUNET_break (0);
// return GNUNET_SYSERR;
// }
blinded_planchet->cipher = dk->cipher;
TALER_coin_pub_hash (coin_pub,
age_commitment_hash,
c_hash);
switch (dk->cipher)
{
case TALER_DENOMINATION_RSA:
TALER_coin_pub_hash (coin_pub,
age_commitment_hash,
c_hash);
if (GNUNET_YES !=
GNUNET_CRYPTO_rsa_blind (&c_hash->hash,
&coin_bks->rsa_bks,
dk->details.rsa_public_key,
coin_ev,
coin_ev_size))
&blinded_planchet->details.rsa_blinded_planchet
.blinded_msg,
&blinded_planchet->details.rsa_blinded_planchet
.blinded_msg_size))
{
GNUNET_break (0);
return GNUNET_SYSERR;
@ -314,7 +318,9 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub)
}
denom_pub->cipher = TALER_DENOMINATION_INVALID;
return;
// TODO: add case for Clause-Schnorr
case TALER_DENOMINATION_CS:
// TODO: ATM nothing needs to be freed, but check again after implementation.
return;
default:
GNUNET_assert (0);
}
@ -336,7 +342,9 @@ TALER_denom_priv_free (struct TALER_DenominationPrivateKey *denom_priv)
}
denom_priv->cipher = TALER_DENOMINATION_INVALID;
return;
// TODO: add case for Clause-Schnorr
case TALER_DENOMINATION_CS:
// TODO: ATM nothing needs to be freed, but check again after implementation.
return;
default:
GNUNET_assert (0);
}
@ -358,7 +366,9 @@ TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig)
}
denom_sig->cipher = TALER_DENOMINATION_INVALID;
return;
// TODO: add case for Clause-Schnorr
case TALER_DENOMINATION_CS:
// TODO: ATM nothing needs to be freed, but check again after implementation.
return;
default:
GNUNET_assert (0);
}
@ -382,7 +392,9 @@ TALER_blinded_denom_sig_free (
}
denom_sig->cipher = TALER_DENOMINATION_INVALID;
return;
// TODO: add case for Clause-Schnorr
case TALER_DENOMINATION_CS:
// TODO: ATM nothing needs to be freed, but check again after implementation.
return;
default:
GNUNET_assert (0);
}
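Review bot: TALER_denom_sign_blinded() now receives a tagged `struct TALER_BlindedPlanchet`, but the RSA path reads `blinded_planchet->details.rsa_blinded_planchet` without comparing `blinded_planchet->cipher` with `denom_priv->cipher`. A planchet of another type passed together with an RSA key would have its union bytes used as the pointer and length given to GNUNET_CRYPTO_rsa_sign_blinded(). A check right after the memset closes that: `if (denom_priv->cipher != blinded_planchet->cipher) { GNUNET_break (0); return GNUNET_SYSERR; }`. In TALER_denom_blind() the equivalent check is left commented out next to `blinded_planchet->cipher = dk->cipher;`; replacing the dead lines with `/* blinded_planchet is an output; its cipher is taken from dk */` would record the intent. Both function bodies continue outside the hunks, so the branch selection itself is not visible here.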


@ -82,7 +82,7 @@ test_high_level (void)
* @return 0 on success
*/
static int
test_planchets (void)
test_planchets_rsa (void)
{
struct TALER_PlanchetSecretsP ps;
struct TALER_DenominationPrivateKey dk_priv;
@ -92,12 +92,23 @@ test_planchets (void)
struct TALER_FreshCoin coin;
struct TALER_CoinPubHash c_hash;
GNUNET_assert (GNUNET_SYSERR ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
TALER_DENOMINATION_INVALID));
GNUNET_assert (GNUNET_SYSERR ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
42));
GNUNET_assert (GNUNET_OK ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
TALER_DENOMINATION_RSA,
1024));
TALER_planchet_setup_random (&ps);
TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA);
GNUNET_assert (GNUNET_OK ==
TALER_planchet_prepare (&dk_pub,
&ps,
@ -106,8 +117,7 @@ test_planchets (void)
GNUNET_assert (GNUNET_OK ==
TALER_denom_sign_blinded (&blind_sig,
&dk_priv,
pd.coin_ev,
pd.coin_ev_size));
&pd.blinded_planchet));
GNUNET_assert (GNUNET_OK ==
TALER_planchet_to_coin (&dk_pub,
&blind_sig,
@ -122,6 +132,66 @@ test_planchets (void)
}
/**
* Test the basic planchet functionality of creating a fresh planchet with CS denomination
* and extracting the respective signature.
*
* @return 0 on success
*/
static int
test_planchets_cs (void)
{
// struct TALER_PlanchetSecretsP ps;
struct TALER_DenominationPrivateKey dk_priv;
struct TALER_DenominationPublicKey dk_pub;
// struct TALER_PlanchetDetail pd;
// struct TALER_BlindedDenominationSignature blind_sig;
// struct TALER_FreshCoin coin;
// struct TALER_CoinPubHash c_hash;
// struct TALER_PlanchetDeriveCsBlindingSecrets seed;
GNUNET_assert (GNUNET_OK ==
TALER_denom_priv_create (&dk_priv,
&dk_pub,
TALER_DENOMINATION_CS));
// seed.secret = "test secret";
// seed.secret_len = strlen ("test secret");
// TODO: Probably need to adjust GNUNET CS implementation for the CSNonce creation and afterwards adjust the derive function
// TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS, &seed);
// GNUNET_assert (GNUNET_OK ==
// TALER_planchet_prepare (&dk_pub,
// &ps,
// &c_hash,
// &pd));
// TALER_blinded_denom_sig_free (&blind_sig);
// TALER_denom_sig_free (&coin.sig);
TALER_denom_priv_free (&dk_priv);
TALER_denom_pub_free (&dk_pub);
return 0;
}
/**
* Test the basic planchet functionality of creating a fresh planchet
* and extracting the respective signature.
* Calls test_planchets_rsa and test_planchets_cs
*
* @return 0 on success
*/
static int
test_planchets (void)
{
if (0 != test_planchets_rsa ())
return -1;
return test_planchets_cs ();
}
static int
test_exchange_sigs (void)
{
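Review bot: test_planchets_cs() asserts only that TALER_denom_priv_create() returns GNUNET_OK for TALER_DENOMINATION_CS, and the CS branch added in this commit returns GNUNET_OK unconditionally, so the test cannot fail on a broken key pair. The rest of the body is commented-out declarations and calls; a single `/* TODO: blind, sign and unblind once CS nonce derivation is available */` would say the same without dead code. If a cheap check is wanted now, comparing a second GNUNET_CRYPTO_cs_private_key_get_public() result with `dk_pub.details.cs_public_key` would at least tie the two halves of the pair together.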


@ -270,13 +270,15 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
struct TALER_PlanchetSecretsP ps;
struct TALER_CoinPubHash c_hash;
TALER_planchet_setup_random (&ps);
TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA);
for (unsigned int i = 0; i<MAX_KEYS; i++)
{
if (! keys[i].valid)
continue;
{
struct TALER_PlanchetDetail pd;
pd.blinded_planchet.cipher = TALER_DENOMINATION_RSA;
// keys[i].denom_pub.cipher = TALER_DENOMINATION_CS;
GNUNET_assert (GNUNET_YES ==
TALER_planchet_prepare (&keys[i].denom_pub,
@ -285,14 +287,19 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh)
&pd));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Requesting signature over %u bytes with key %s\n",
(unsigned int) pd.coin_ev_size,
(unsigned
int) pd.blinded_planchet.details.rsa_blinded_planchet.
blinded_msg_size,
GNUNET_h2s (&keys[i].h_rsa.hash));
ds = TALER_CRYPTO_helper_rsa_sign (dh,
&keys[i].h_rsa,
pd.coin_ev,
pd.coin_ev_size,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg_size,
&ec);
GNUNET_free (pd.coin_ev);
GNUNET_free (
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
}
switch (ec)
{
@ -419,7 +426,7 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
struct GNUNET_TIME_Relative duration;
struct TALER_PlanchetSecretsP ps;
TALER_planchet_setup_random (&ps);
TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA);
duration = GNUNET_TIME_UNIT_ZERO;
TALER_CRYPTO_helper_rsa_poll (dh);
for (unsigned int j = 0; j<NUM_SIGN_PERFS;)
@ -455,8 +462,11 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
ds = TALER_CRYPTO_helper_rsa_sign (dh,
&keys[i].h_rsa,
pd.coin_ev,
pd.coin_ev_size,
pd.blinded_planchet.details.
rsa_blinded_planchet.blinded_msg,
pd.blinded_planchet.details.
rsa_blinded_planchet.
blinded_msg_size,
&ec);
if (TALER_EC_NONE != ec)
break;
@ -468,7 +478,8 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
if (NUM_SIGN_PERFS <= j)
break;
}
GNUNET_free (pd.coin_ev);
GNUNET_free (
pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
}
} /* for i */
} /* for j */