taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

start to work on transformation

Browse Source
This commit is contained in:
Christian Grothoff 2021-10-22 22:30:33 +02:00
parent 55632b1fbf
commit fc371ea18b
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
3 changed files with 85 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
src/include/taler_crypto_lib.h
View File

@ -381,7 +381,7 @@ struct TALER_DenominationHash
/** /**
* Actual hash value. * Actual hash value.
*/ */
struct GNUNET_HashCode data; struct GNUNET_HashCode hash;
}; };
@ -394,7 +394,7 @@ struct TALER_PrivateContractHash
/** /**
* Actual hash value. * Actual hash value.
*/ */
struct GNUNET_HashCode data; struct GNUNET_HashCode hash;
}; };
@ -407,7 +407,7 @@ struct TALER_ExtensionContractHash
/** /**
* Actual hash value. * Actual hash value.
*/ */
struct GNUNET_HashCode data; struct GNUNET_HashCode hash;
}; };
@ -420,7 +420,7 @@ struct TALER_MerchantWireHash
/** /**
* Actual hash value. * Actual hash value.
*/ */
struct GNUNET_HashCode data; struct GNUNET_HashCode hash;
}; };
@ -433,7 +433,7 @@ struct TALER_PaytoHash
/** /**
* Actual hash value. * Actual hash value.
*/ */
struct GNUNET_HashCode data; struct GNUNET_HashCode hash;
}; };
@ -446,7 +446,20 @@ struct TALER_BlindedCoinHash
/** /**
* Actual hash value. * Actual hash value.
*/ */
struct GNUNET_HashCode data; struct GNUNET_HashCode hash;
};
/**
* Hash used to represent the hash of the public
* key of a coin (without blinding).
*/
struct TALER_CoinPubHash
{
/**
* Actual hash value.
*/
struct GNUNET_HashCode hash;
}; };
@ -633,6 +646,21 @@ TALER_denom_priv_to_pub (const struct TALER_DenominationPrivateKey *denom_priv,
struct TALER_DenominationPublicKey *denom_pub); struct TALER_DenominationPublicKey *denom_pub);
/**
* Verify signature made with a denomination public key
* over a coin.
*
* @param denom_pub public denomination key
* @param denom_sig signature made with the private key
* @param c_hash hash over the coin
* @return #GNUNET_OK if the signature is valid
*/
enum GNUNET_GenericReturnValue
TALER_denom_pub_verify (const struct TALER_DenominationPublicKey *denom_pub,
const struct TALER_DenominationSignature *denom_sig,
const struct TALER_CoinPubHash *c_hash);
/** /**
* Check if a coin is valid; that is, whether the denomination key exists, * Check if a coin is valid; that is, whether the denomination key exists,
* is not expired, and the signature is correct. * is not expired, and the signature is correct.
@ -846,7 +874,7 @@ TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps);
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
const struct TALER_PlanchetSecretsP *ps, const struct TALER_PlanchetSecretsP *ps,
struct GNUNET_HashCode *c_hash, struct TALER_CoinPubHash *c_hash,
struct TALER_PlanchetDetail *pd); struct TALER_PlanchetDetail *pd);
@ -865,7 +893,7 @@ enum GNUNET_GenericReturnValue
TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk, TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
const struct GNUNET_CRYPTO_RsaSignature *blind_sig, const struct GNUNET_CRYPTO_RsaSignature *blind_sig,
const struct TALER_PlanchetSecretsP *ps, const struct TALER_PlanchetSecretsP *ps,
const struct GNUNET_HashCode *c_hash, const struct TALER_CoinPubHash *c_hash,
struct TALER_FreshCoin *coin); struct TALER_FreshCoin *coin);
@ -1886,7 +1914,7 @@ TALER_merchant_wire_signature_make (
* @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
*/ */
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_rsa_blind (const struct GNUNET_HashCode *hash, TALER_rsa_blind (const struct TALER_CoinPubHash *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey, struct GNUNET_CRYPTO_RsaPublicKey *pkey,
void **buf, void **buf,

4
src/util/auditor_signatures.c
View File

@ -26,7 +26,7 @@
void void
TALER_auditor_denom_validity_sign ( TALER_auditor_denom_validity_sign (
const char *auditor_url, const char *auditor_url,
const struct GNUNET_HashCode *h_denom_pub, const struct TALER_DenominationHash *h_denom_pub,
const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterPublicKeyP *master_pub,
struct GNUNET_TIME_Absolute stamp_start, struct GNUNET_TIME_Absolute stamp_start,
struct GNUNET_TIME_Absolute stamp_expire_withdraw, struct GNUNET_TIME_Absolute stamp_expire_withdraw,
@ -73,7 +73,7 @@ TALER_auditor_denom_validity_sign (
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_auditor_denom_validity_verify ( TALER_auditor_denom_validity_verify (
const char *auditor_url, const char *auditor_url,
const struct GNUNET_HashCode *h_denom_pub, const struct TALER_DenominationHash *h_denom_pub,
const struct TALER_MasterPublicKeyP *master_pub, const struct TALER_MasterPublicKeyP *master_pub,
struct GNUNET_TIME_Absolute stamp_start, struct GNUNET_TIME_Absolute stamp_start,
struct GNUNET_TIME_Absolute stamp_expire_withdraw, struct GNUNET_TIME_Absolute stamp_expire_withdraw,

79
src/util/crypto.c
View File

@ -73,23 +73,26 @@ enum GNUNET_GenericReturnValue
TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info, TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info,
const struct TALER_DenominationPublicKey *denom_pub) const struct TALER_DenominationPublicKey *denom_pub)
{ {
struct GNUNET_HashCode c_hash; struct TALER_CoinPubHash c_hash;
#if ENABLE_SANITY_CHECKS #if ENABLE_SANITY_CHECKS
struct GNUNET_HashCode d_hash; struct TALER_DenominationHash d_hash;
GNUNET_CRYPTO_rsa_public_key_hash (denom_pub->rsa_public_key, TALER_denom_pub_hash (denom_pub,
&d_hash); &d_hash);
GNUNET_assert (0 == GNUNET_assert (0 ==
GNUNET_memcmp (&d_hash, GNUNET_memcmp (&d_hash,
&coin_public_info->denom_pub_hash)); &coin_public_info->denom_pub_hash));
#endif #endif
// FIXME-Oec: replace with function that
// also hashes the age vector if we have
// one!
GNUNET_CRYPTO_hash (&coin_public_info->coin_pub, GNUNET_CRYPTO_hash (&coin_public_info->coin_pub,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
&c_hash); &c_hash.hash);
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_rsa_verify (&c_hash, TALER_denom_pub_verify (denom_pub,
coin_public_info->denom_sig.rsa_signature, &coin_public_info->denom_sig,
denom_pub->rsa_public_key)) &c_hash))
{ {
GNUNET_log (GNUNET_ERROR_TYPE_WARNING, GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
"coin signature is invalid\n"); "coin signature is invalid\n");
@ -175,28 +178,35 @@ TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps)
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
const struct TALER_PlanchetSecretsP *ps, const struct TALER_PlanchetSecretsP *ps,
struct GNUNET_HashCode *c_hash, struct TALER_CoinPubHash *c_hash,
struct TALER_PlanchetDetail *pd) struct TALER_PlanchetDetail *pd)
{ {
struct TALER_CoinSpendPublicKeyP coin_pub; struct TALER_CoinSpendPublicKeyP coin_pub;
GNUNET_CRYPTO_eddsa_key_get_public (&ps->coin_priv.eddsa_priv, GNUNET_CRYPTO_eddsa_key_get_public (&ps->coin_priv.eddsa_priv,
&coin_pub.eddsa_pub); &coin_pub.eddsa_pub);
// FIXME-Oec: replace with function that
// also hashes the age vector if we have
// one!
GNUNET_CRYPTO_hash (&coin_pub.eddsa_pub, GNUNET_CRYPTO_hash (&coin_pub.eddsa_pub,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
c_hash); &c_hash->hash);
// FIXME-Gian/Lucien: this will be the bigger
// change, as you have the extra round trip
// => to be discussed!
GNUNET_assert (TALER_DENOMINATION_RSA == dk->cipher);
if (GNUNET_YES != if (GNUNET_YES !=
TALER_rsa_blind (c_hash, TALER_rsa_blind (c_hash,
&ps->blinding_key.bks, &ps->blinding_key.bks,
dk->rsa_public_key, dk->details.rsa_public_key,
&pd->coin_ev, &pd->coin_ev,
&pd->coin_ev_size)) &pd->coin_ev_size))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
GNUNET_CRYPTO_rsa_public_key_hash (dk->rsa_public_key, TALER_denom_pub_hash (dk,
&pd->denom_pub_hash); &pd->denom_pub_hash);
return GNUNET_OK; return GNUNET_OK;
} }
@ -205,24 +215,30 @@ enum GNUNET_GenericReturnValue
TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk, TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
const struct GNUNET_CRYPTO_RsaSignature *blind_sig, const struct GNUNET_CRYPTO_RsaSignature *blind_sig,
const struct TALER_PlanchetSecretsP *ps, const struct TALER_PlanchetSecretsP *ps,
const struct GNUNET_HashCode *c_hash, const struct TALER_CoinPubHash *c_hash,
struct TALER_FreshCoin *coin) struct TALER_FreshCoin *coin)
{ {
struct GNUNET_CRYPTO_RsaSignature *sig; struct TALER_DenominationSignature sig;
sig = TALER_rsa_unblind (blind_sig, // FIXME-Gian/Lucien: this will be the bigger
&ps->blinding_key.bks, // change, as you have the extra round trip
dk->rsa_public_key); // => to be discussed!
GNUNET_assert (TALER_DENOMINATION_RSA == dk->cipher);
sig.cipher = TALER_DENOMINATION_RSA;
sig.details.rsa_signature
= TALER_rsa_unblind (blind_sig,
&ps->blinding_key.bks,
dk->details.rsa_public_key);
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_rsa_verify (c_hash, TALER_denom_pub_verify (dk,
sig, &sig,
dk->rsa_public_key)) c_hash))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
GNUNET_CRYPTO_rsa_signature_free (sig); GNUNET_CRYPTO_rsa_signature_free (sig.details.rsa_signature);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
coin->sig.rsa_signature = sig; coin->sig = sig;
coin->coin_priv = ps->coin_priv; coin->coin_priv = ps->coin_priv;
return GNUNET_OK; return GNUNET_OK;
} }
@ -250,19 +266,16 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
hash_context */ hash_context */
for (unsigned int i = 0; i<num_new_coins; i++) for (unsigned int i = 0; i<num_new_coins; i++)
{ {
void *buf; struct TALER_DenominationHash denom_hash;
size_t buf_size;
/* The denomination keys should / must all be identical regardless /* The denomination keys should / must all be identical regardless
of what offset we use, so we use [0]. */ of what offset we use, so we use [0]. */
GNUNET_assert (kappa > 0); /* sanity check */ GNUNET_assert (kappa > 0); /* sanity check */
buf_size = GNUNET_CRYPTO_rsa_public_key_encode ( TALER_denom_pub_hash (rcs[0].new_coins[i].dk,
rcs[0].new_coins[i].dk->rsa_public_key, &denom_hash);
&buf);
GNUNET_CRYPTO_hash_context_read (hash_context, GNUNET_CRYPTO_hash_context_read (hash_context,
buf, &denom_hash,
buf_size); sizeof (denom_hash));
GNUNET_free (buf);
} }
/* next, add public key of coin and amount being refreshed */ /* next, add public key of coin and amount being refreshed */
@ -301,13 +314,13 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
enum GNUNET_GenericReturnValue enum GNUNET_GenericReturnValue
TALER_rsa_blind (const struct GNUNET_HashCode *hash, TALER_rsa_blind (const struct TALER_CoinPubHash *hash,
const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks, const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
struct GNUNET_CRYPTO_RsaPublicKey *pkey, struct GNUNET_CRYPTO_RsaPublicKey *pkey,
void **buf, void **buf,
size_t *buf_size) size_t *buf_size)
{ {
return GNUNET_CRYPTO_rsa_blind (hash, return GNUNET_CRYPTO_rsa_blind (&hash->hash,
bks, bks,
pkey, pkey,
buf, buf,