taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: taler:e3d5672cbd8fdcbc7df9c52f90b7d639ad1675d9
Branches Tags
taler:master
taler:new-amount
taler:fail-amount
taler:age-withdraw
taler:master-broken
taler:auction_brandt
..
compare: taler:7521ff1cf4fe27b3b808f8026ce0f239d9cdc6c6
Branches Tags
taler:new-amount
taler:fail-amount
taler:age-withdraw
taler:master
taler:master-broken
taler:auction_brandt

No commits in common. "e3d5672cbd8fdcbc7df9c52f90b7d639ad1675d9" and "7521ff1cf4fe27b3b808f8026ce0f239d9cdc6c6" have entirely different histories.
e3d5672cbd ... 7521ff1cf4

3 changed files with 37 additions and 112 deletions
Show Stats Expand all files Collapse all files

107
src/exchange/taler-exchange-httpd_age-withdraw_reveal.c
View File

@ -28,22 +28,6 @@
#include "taler-exchange-httpd_responses.h" #include "taler-exchange-httpd_responses.h"
#include "taler-exchange-httpd_keys.h" #include "taler-exchange-httpd_keys.h"
/**
* Clients have to prove that the public keys for all age groups larger than
* the allowed maximum age group are derived by scalar multiplication from this
* Edx25519 public key (in Crockford Base32 encoding):
*
* DZJRF6HXN520505XDAWM8NMH36QV9J3VH77265WQ09EBQ76QSKCG
*
* The private key was chosen randomly and then deleted.
*/
static struct GNUNET_CRYPTO_Edx25519PublicKey publishedBaseKey = {
.q_y = { 0x6f, 0xe5, 0x87, 0x9a, 0x3d, 0xa9, 0x44, 0x20,
0x80, 0xbd, 0x6a, 0xb9, 0x44, 0x56, 0x91, 0x19,
0xaf, 0xb4, 0xc8, 0x7b, 0x89, 0xce, 0x23, 0x17,
0x97, 0x20, 0x5c, 0xbb, 0x9c, 0xd7, 0xcc, 0xd9},
};
/** /**
* State for an /age-withdraw/$ACH/reveal operation. * State for an /age-withdraw/$ACH/reveal operation.
*/ */
@ -51,8 +35,7 @@ struct AgeRevealContext
{ {
/** /**
* Commitment for the age-withdraw operation, previously called by the * Commitment for the age-withdraw operation.
* client.
*/ */
struct TALER_AgeWithdrawCommitmentHashP ach; struct TALER_AgeWithdrawCommitmentHashP ach;
@ -79,6 +62,11 @@ struct AgeRevealContext
*/ */
struct TEH_DenominationKey *denom_keys; struct TEH_DenominationKey *denom_keys;
/**
* #num_coins hases of blinded coins.
*/
struct TALER_BlindedCoinHashP *coin_evs;
/** /**
* Total sum of all denominations' values * Total sum of all denominations' values
**/ **/
@ -89,11 +77,6 @@ struct AgeRevealContext
*/ */
struct TALER_Amount total_fee; struct TALER_Amount total_fee;
/**
* #num_coins hashes of blinded coins.
*/
struct TALER_BlindedCoinHashP *coin_evs;
/** /**
* #num_coins*(kappa - 1) disclosed coins. * #num_coins*(kappa - 1) disclosed coins.
*/ */
@ -521,7 +504,7 @@ are_denominations_valid (
if (0 != TALER_amount_cmp (&sum, amount_with_fee)) if (0 != TALER_amount_cmp (&sum, amount_with_fee))
{ {
GNUNET_break_op (0); GNUNET_break (0);
*result = TALER_MHD_reply_with_ec (connection, *result = TALER_MHD_reply_with_ec (connection,
TALER_EC_EXCHANGE_AGE_WITHDRAW_AMOUNT_INCORRECT, TALER_EC_EXCHANGE_AGE_WITHDRAW_AMOUNT_INCORRECT,
NULL); NULL);
@ -533,61 +516,6 @@ are_denominations_valid (
} }
/**
* Checks the validity of the disclosed coins as follows:
* - Derives and calculates the disclosed coins'
* - public keys,
* - nonces (if applicable),
* - age commitments,
* - blindings
* - blinded hashes
* - Computes h_commitment with those calculated and the undisclosed hashes
* - Compares h_commitment with the value from the original commitment
* - Verifies that all public keys in indices larger than max_age_group are
* derived from the constant public key.
*
* The derivation of the blindings, (potential) nonces and age-commitment from
* a coin's private keys is defined in
* https://docs.taler.net/design-documents/024-age-restriction.html#withdraw
*
* @param connection HTTP-connection to the client
* @param h_commitment_orig Original commitment
* @param max_age_group Maximum age group allowed for the age restriction
* @param noreveal_idx Index that was given to the client in response to the age-withdraw request
* @param num_coins Number of coins
* @param coin_evs The Hashes of the undisclosed, blinded coins
* @param discloded_coins The private keys of the disclosed coins
* @param denom_keys The array of denomination keys. Needed to detect Clause-Schnorr-based denominations
* @param[out] result On error, a HTTP-response will be queued and result set accordingly
* @return GNUNET_OK on success, GNUNET_SYSERR otherwise
*/
static enum GNUNET_GenericReturnValue
verify_commitment_and_max_age (
struct MHD_Connection *connection,
const struct TALER_AgeWithdrawCommitmentHashP *h_commitment_orig,
uint32_t max_age_group,
uint32_t noreveal_idx,
uint32_t num_coins,
const struct TALER_BlindedCoinHashP *coin_evs,
const struct GNUNET_CRYPTO_EddsaPrivateKey *disclosed_coins,
const struct TEH_DenominationKey *denom_keys,
MHD_RESULT *result)
{
struct TALER_BlindedCoinHashP *disclosed_evs; /* Will contain all calculated hashes */
disclosed_evs = GNUNET_new_array (
num_coins * (TALER_CNC_KAPPA - 1),
struct TALER_BlindedCoinHashP);
for (uint32_t i = 0; i < num_coins; i++)
{
/* FIXME:oec: Calculate new coins and blinded hashes */
}
return GNUNET_SYSERR;
}
MHD_RESULT MHD_RESULT
TEH_handler_age_withdraw_reveal ( TEH_handler_age_withdraw_reveal (
struct TEH_RequestContext *rc, struct TEH_RequestContext *rc,
@ -655,24 +583,15 @@ TEH_handler_age_withdraw_reveal (
&result)) &result))
break; break;
/* Verify the computed h_commitment equals the committed one and that
* coins have a maximum age group of max_age_group */
if (GNUNET_OK != verify_commitment_and_max_age (
rc->connection,
&actx.commitment.h_commitment,
actx.commitment.max_age_group,
actx.commitment.noreveal_index,
actx.num_coins,
actx.coin_evs,
actx.disclosed_coins,
actx.denom_keys,
&result))
break;
/* TODO:oec: sign the coins */
} while(0); } while(0);
/* TODO:oec: compute the disclosed blinded coins */
/* TODO:oec: generate h_commitment_comp */
/* TODO:oec: compare h_commitment_comp against h_commitment */
/* TODO:oec: sign the coins */
/* TODO:oec: send response */
age_reveal_context_free (&actx); age_reveal_context_free (&actx);
GNUNET_JSON_parse_free (spec); GNUNET_JSON_parse_free (spec);
return result; return result;

9
src/include/taler_crypto_lib.h
View File

@ -1309,8 +1309,13 @@ struct TALER_AgeAttestation
#endif #endif
}; };
#define TALER_AgeCommitmentHash_isNullOrZero(ph) ((NULL == ph) || \
GNUNET_is_zero (ph)) extern const struct TALER_AgeCommitmentHash TALER_ZeroAgeCommitmentHash;
#define TALER_AgeCommitmentHash_isNullOrZero(ph) \
((NULL == ph) || \
(0 == memcmp (ph, \
&TALER_ZeroAgeCommitmentHash, \
sizeof(struct TALER_AgeCommitmentHash))))
/** /**
* @brief Type of public signing keys for verifying blindly signed coins. * @brief Type of public signing keys for verifying blindly signed coins.

27
src/util/crypto.c
View File

@ -26,6 +26,11 @@
#include "taler_util.h" #include "taler_util.h"
#include <gcrypt.h> #include <gcrypt.h>
/**
* Used in TALER_AgeCommitmentHash_isNullOrZero for comparison
*/
const struct TALER_AgeCommitmentHash TALER_ZeroAgeCommitmentHash = {0};
/** /**
* Function called by libgcrypt on serious errors. * Function called by libgcrypt on serious errors.
* Prints an error message and aborts the process. * Prints an error message and aborts the process.
@ -421,22 +426,18 @@ TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub,
{ {
/* Coin comes with age commitment. Take the hash of the age commitment /* Coin comes with age commitment. Take the hash of the age commitment
* into account */ * into account */
struct GNUNET_HashContext *hash_context; const size_t key_s = sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey);
const size_t age_s = sizeof(struct TALER_AgeCommitmentHash);
char data[key_s + age_s];
hash_context = GNUNET_CRYPTO_hash_context_start (); GNUNET_memcpy (&data[0],
GNUNET_CRYPTO_hash_context_read (
hash_context,
&coin_pub->eddsa_pub, &coin_pub->eddsa_pub,
sizeof(struct GNUNET_CRYPTO_EcdsaPublicKey)); key_s);
GNUNET_memcpy (&data[key_s],
GNUNET_CRYPTO_hash_context_read (
hash_context,
ach, ach,
sizeof(struct TALER_AgeCommitmentHash)); age_s);
GNUNET_CRYPTO_hash (&data,
GNUNET_CRYPTO_hash_context_finish ( key_s + age_s,
hash_context,
&coin_h->hash); &coin_h->hash);
} }
} }