
[taler-exchange] 01/37: added CS data structures, implemented CS keypair


From: gnunet
Subject: [taler-exchange] 01/37: added CS data structures, implemented CS keypair
Date: Fri, 04 Feb 2022 16:53:31 +0100

This is an automated email from the git hooks/post-receive script.

gian-demarmels pushed a commit to branch master
in repository exchange.

commit f3fb7c29e69d38ee77d6214cf001f8e18fa00f2b
Author: Gian Demarmels <gian@demarmels.org>
AuthorDate: Fri Dec 17 14:35:10 2021 +0100

    added CS data structures, implemented CS keypair
---
 src/benchmark/taler-aggregator-benchmark.c         |  10 +-
 src/exchange/taler-exchange-httpd_recoup.c         |  15 +-
 .../taler-exchange-httpd_refreshes_reveal.c        |   6 +-
 src/exchangedb/test_exchangedb.c                   |  27 ++-
 src/include/taler_crypto_lib.h                     | 206 +++++++++++++++++++--
 src/lib/exchange_api_link.c                        |  11 +-
 src/lib/exchange_api_refresh_common.c              |   6 +-
 src/lib/exchange_api_refreshes_reveal.c            |  17 +-
 src/lib/exchange_api_withdraw.c                    |   2 +-
 src/lib/exchange_api_withdraw2.c                   |  14 +-
 src/testing/testing_api_cmd_insert_deposit.c       |  10 +-
 src/testing/testing_api_cmd_withdraw.c             |   4 +-
 src/util/crypto.c                                  |  66 ++++++-
 src/util/denom.c                                   |  66 ++++---
 src/util/test_crypto.c                             |  78 +++++++-
 src/util/test_helper_rsa.c                         |  29 ++-
 16 files changed, 463 insertions(+), 104 deletions(-)

diff --git a/src/benchmark/taler-aggregator-benchmark.c 
b/src/benchmark/taler-aggregator-benchmark.c
index 41192100..47314abe 100644
--- a/src/benchmark/taler-aggregator-benchmark.c
+++ b/src/benchmark/taler-aggregator-benchmark.c
@@ -518,21 +518,19 @@ run (void *cls,
       return;
     }
 
-    TALER_blinding_secret_create (&bks);
+    TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA);
     GNUNET_assert (GNUNET_OK ==
                    TALER_denom_blind (&denom_pub,
                                       &bks,
                                       NULL, /* FIXME-oec */
                                       &coin_pub,
                                       &c_hash,
-                                      &pd.coin_ev,
-                                      &pd.coin_ev_size));
+                                      &pd.blinded_planchet));
     GNUNET_assert (GNUNET_OK ==
                    TALER_denom_sign_blinded (&bds,
                                              &pk,
-                                             pd.coin_ev,
-                                             pd.coin_ev_size));
-    GNUNET_free (pd.coin_ev);
+                                             &pd.blinded_planchet));
+    GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
     GNUNET_assert (GNUNET_OK ==
                    TALER_denom_sig_unblind (&denom_sig,
                                             &bds,
diff --git a/src/exchange/taler-exchange-httpd_recoup.c 
b/src/exchange/taler-exchange-httpd_recoup.c
index 0deaa8bb..97eb0496 100644
--- a/src/exchange/taler-exchange-httpd_recoup.c
+++ b/src/exchange/taler-exchange-httpd_recoup.c
@@ -243,9 +243,11 @@ verify_and_execute_recoup (
   }
 
   {
+    //FIXME:
     void *coin_ev;
     size_t coin_ev_size;
     struct TALER_CoinPubHash c_hash;
+    struct TALER_BlindedPlanchet blinded_planchet;
 
     if (GNUNET_OK !=
         TALER_denom_blind (&dk->denom_pub,
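Review bot: The added `//FIXME:` at the top of this block does not say what has to be fixed, and the `coin_ev` / `coin_ev_size` locals beneath it appear to be dead, since the next two hunks of verify_and_execute_recoup move every visible use over to `blinded_planchet`. I would delete the two declarations and replace the marker with a comment that names the open work, for example `/* FIXME: only the RSA member of blinded_planchet is handled below */`. The block continues outside this hunk, so confirm nothing further down still reads `coin_ev`.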
@@ -253,8 +255,7 @@ verify_and_execute_recoup (
                            NULL, /* FIXME-Oec: TALER_AgeHash * */
                            &coin->coin_pub,
                            &c_hash,
-                           &coin_ev,
-                           &coin_ev_size))
+                           &blinded_planchet))
     {
       GNUNET_break (0);
       return TALER_MHD_reply_with_error (
@@ -263,10 +264,12 @@ verify_and_execute_recoup (
         TALER_EC_EXCHANGE_RECOUP_BLINDING_FAILED,
         NULL);
     }
-    TALER_coin_ev_hash (coin_ev,
-                        coin_ev_size,
-                        &pc.h_blind);
-    GNUNET_free (coin_ev);
+    TALER_coin_ev_hash (
+      blinded_planchet.details.rsa_blinded_planchet.blinded_msg,
+      blinded_planchet.details.rsa_blinded_planchet.
+      blinded_msg_size,
+      &pc.h_blind);
+    GNUNET_free (blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
   }
 
   pc.coin_sig = coin_sig;
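Review bot: `blinded_planchet.details.rsa_blinded_planchet` is hashed and freed here without checking `blinded_planchet.cipher`, so once a `TALER_DENOMINATION_CS` denomination reaches this path the nonce and `c[2]` bytes of the CS member would be interpreted as a heap pointer and a length. This commit makes the CS enum value live, so I would guard the access before the `TALER_coin_ev_hash` call with `if (TALER_DENOMINATION_RSA != blinded_planchet.cipher) { GNUNET_break (0); /* reply with an error */ }`, or move the hash-and-free into a helper that switches on the cipher. The same unguarded read of the RSA member appears in check_commitment (taler-exchange-httpd_refreshes_reveal.c), parse_link_coin, TALER_EXCHANGE_refresh_prepare, TALER_EXCHANGE_refreshes_reveal, TALER_EXCHANGE_withdraw and TALER_EXCHANGE_withdraw2. Whether TALER_denom_blind can currently succeed for a CS key is not visible in this diff, so treat reachability as unconfirmed.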
diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c 
b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
index 30a7294c..4e004025 100644
--- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c
+++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c
@@ -193,8 +193,10 @@ check_commitment (struct RevealContext *rctx,
                                                  &ps,
                                                  &c_hash,
                                                  &pd));
-          rcd->coin_ev = pd.coin_ev;
-          rcd->coin_ev_size = pd.coin_ev_size;
+          rcd->coin_ev =
+            pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg;
+          rcd->coin_ev_size =
+            pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size;
         }
       }
     }
diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c
index cca7c3f4..3306837d 100644
--- a/src/exchangedb/test_exchangedb.c
+++ b/src/exchangedb/test_exchangedb.c
@@ -531,10 +531,8 @@ handle_link_data_cb (void *cls,
         break;
       }
     }
-    GNUNET_assert (found);
-  }
-}
-
+    //FIXME:
+    GNUNET_assert (GNUNET_NO != found);
 
 /**
  * Callback that should never be called.
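Review bot: This hunk deletes the two closing braces after the assertion (`-  }` and `-}`) and adds none back, so on the new side the enclosing block and handle_link_data_cb itself are never closed before the next doc comment starts; as shown, the file should not compile. Restore them after the new assertion, i.e. `GNUNET_assert (GNUNET_NO != found);` followed by `  }` and `}`. The `//FIXME:` above the assertion should also state what remains to be fixed. The start of the function is outside the hunk.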
@@ -1469,7 +1467,7 @@ run (void *cls)
     struct TALER_CoinSpendPublicKeyP coin_pub;
     struct TALER_AgeHash age_hash;
     struct TALER_AgeHash *p_ah[2] = {NULL, &age_hash};
-
+    //FIXME:
     /* Call TALER_denom_blind()/TALER_denom_sign_blinded() twice, once without
      * age_hash, once with age_hash */
     RND_BLK (&age_hash);
@@ -1495,6 +1493,25 @@ run (void *cls)
                                                pd.coin_ev_size));
       GNUNET_free (pd.coin_ev);
     }
+    RND_BLK (&coin_pub);
+    TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_blind (&dkp->pub,
+                                      &bks,
+                                      NULL, /* FIXME-Oec */
+                                      &coin_pub,
+                                      &c_hash,
+                                      &pd.blinded_planchet));
+    TALER_coin_ev_hash (
+      pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg,
+      pd.blinded_planchet.details.rsa_blinded_planchet.
+      blinded_msg_size,
+      &cbc.h_coin_envelope);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_sign_blinded (&cbc.sig,
+                                             &dkp->priv,
+                                             &pd.blinded_planchet));
+    GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
   }
 
   cbc.reserve_pub = reserve_pub;
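Review bot: The context lines at the top of this hunk still use `pd.coin_ev_size` and `GNUNET_free (pd.coin_ev)`, but the taler_crypto_lib.h change in this same commit removes both fields from struct TALER_PlanchetDetail, so (assuming `pd` has that type, as the added `pd.blinded_planchet` lines suggest) the unchanged loop above cannot build against the new header. The loop body needs the same conversion as the block added here: `&pd.blinded_planchet` for the sign call and a free of `pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg`. parse_link_coin in src/lib/exchange_api_link.c has the same leftover in its `GNUNET_CRYPTO_hash (pd.coin_ev, pd.coin_ev_size, ...)` context, and that hunk also passes two extra arguments to TALER_wallet_link_verify although no prototype change for it appears in this diff. The added block also looks like a third copy of the blind/sign sequence next to a loop that already runs it twice; if it is meant to replace the loop, the loop should go.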
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 6a805b64..2e0674fb 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -353,9 +353,15 @@ struct TALER_CoinSpendSignatureP
 
 /**
  * @brief Type of blinding keys for Taler.
+ * must be 32 bytes
  */
 union TALER_DenominationBlindingKeyP
 {
+  /**
+   * Clause Schnorr Signatures have 2 blinding secrets, each containing two 
unpredictable values.
+   */
+  struct GNUNET_CRYPTO_CsNonce nonce;
+
   /**
    * Taler uses RSA for blind signatures.
    */
@@ -575,9 +581,9 @@ enum TALER_DenominationCipher
   TALER_DENOMINATION_RSA = 1,
 
   /**
-   * Clause-Schnorr blind signature.
+   * Clause Blind Schnorr signature.
    */
-  // TALER_DENOMINATION_CS = 2
+  TALER_DENOMINATION_CS = 2
 };
 
 
@@ -597,6 +603,10 @@ struct TALER_DenominationSignature
    */
   union
   {
+    /**
+     * If we use #TALER_DENOMINATION_CS in @a cipher.
+     */
+    struct GNUNET_CRYPTO_CsSignature cs_signature;
 
     /**
      * If we use #TALER_DENOMINATION_RSA in @a cipher.
@@ -607,6 +617,24 @@ struct TALER_DenominationSignature
 
 };
 
+/**
+ * The Sign Answer for Clause B lind Schnorr signature.
+ * The sign operation returns a parameter @param b and the signature
+ * scalar @param s_scalar.
+ * The function does not return the whole signature, due to that is only the 
blinded s_scalar.
+ */
+struct TALER_BlindedDenominationCsSignAnswer
+{
+  /**
+   * To make ROS problem harder, the signer chooses an unpredictable b and 
only calculates signature of c_b
+   */
+  unsigned int b;
+
+  /**
+   * The blinded s scalar calculated from c_b
+   */
+  struct GNUNET_CRYPTO_CsBlindS s_scalar;
+};
 
 /**
  * @brief Type for *blinded* denomination signatures for Taler.
@@ -625,6 +653,12 @@ struct TALER_BlindedDenominationSignature
    */
   union
   {
+    /**
+     * If we use #TALER_DENOMINATION_CS in @a cipher.
+     * At this point only the blinded s scalar is used.
+     * The final signature consisting of r,s is built after unblinding.
+     */
+    struct TALER_BlindedDenominationCsSignAnswer blinded_cs_answer;
 
     /**
      * If we use #TALER_DENOMINATION_RSA in @a cipher.
@@ -657,6 +691,10 @@ struct TALER_DenominationPublicKey
    */
   union
   {
+    /**
+     * If we use #TALER_DENOMINATION_CS in @a cipher.
+     */
+    struct GNUNET_CRYPTO_CsPublicKey cs_public_key;
 
     /**
      * If we use #TALER_DENOMINATION_RSA in @a cipher.
@@ -683,6 +721,10 @@ struct TALER_DenominationPrivateKey
    */
   union
   {
+    /**
+     * If we use #TALER_DENOMINATION_CS in @a cipher.
+     */
+    struct GNUNET_CRYPTO_CsPrivateKey cs_private_key;
 
     /**
      * If we use #TALER_DENOMINATION_RSA in @a cipher.
@@ -692,6 +734,141 @@ struct TALER_DenominationPrivateKey
   } details;
 };
 
+/**
+ * @brief RSA Parameters to create blinded signature
+ *
+ */
+struct TALER_BlindedRsaPlanchet
+{
+  /**
+   * blinded message to be signed
+   * Note: is malloc()'ed!
+   */
+  void *blinded_msg;
+
+  /**
+   * size of the blinded message to be signed
+   */
+  size_t blinded_msg_size;
+};
+
+
+/**
+ * @brief CS Parameters to create blinded signature
+ *
+ */
+struct TALER_BlindedCsPlanchet
+{
+  /**
+   * Withdraw or refresh nonce used for derivation
+   */
+  struct GNUNET_CRYPTO_CsNonce nonce;
+
+  /**
+   * The Clause Schnorr c_0 and c_1 containing the blinded message
+   */
+  struct GNUNET_CRYPTO_CsC c[2];
+};
+
+
+/**
+ * @brief Type including Parameters to create blinded signature
+ *
+ */
+struct TALER_BlindedPlanchet
+{
+  /**
+   * Type of the sign blinded message
+   */
+  enum TALER_DenominationCipher cipher;
+
+  /**
+   * Details, depending on @e cipher.
+   */
+  union
+  {
+    /**
+     * If we use #TALER_DENOMINATION_CS in @a cipher.
+     */
+    struct TALER_BlindedCsPlanchet cs_blinded_planchet;
+
+    /**
+     * If we use #TALER_DENOMINATION_RSA in @a cipher.
+     */
+    struct TALER_BlindedRsaPlanchet rsa_blinded_planchet;
+
+  } details;
+};
+
+
+/**
+ * @brief RSA Parameters to create blinded messages
+ *
+ */
+struct TALER_DenominationBlindMessageRsaParams
+{
+  /**
+   * blinded message to be signed
+   * Note: is malloc()'ed!
+   */
+  void **coin_ev;
+
+  /**
+   * size of the blinded message to be signed
+   */
+  size_t *coin_ev_size;
+};
+
+
+/**
+ * @brief CS Parameters to create blinded messages
+ *
+ */
+struct TALER_DenominationBlindMessageCsParams
+{
+
+};
+
+/**
+ * @brief Type including Parameters to create blinded message
+ *
+ */
+struct TALER_DenominationBlindMessageParams
+{
+  /**
+   * Details, depending on @e cipher.
+   */
+  union
+  {
+    /**
+     * If we use #TALER_DENOMINATION_CS in @a cipher.
+     */
+    struct TALER_DenominationBlindMessageCsParams cs_blind_msg_params;
+
+    /**
+     * If we use #TALER_DENOMINATION_RSA in @a cipher.
+     */
+    struct TALER_DenominationBlindMessageRsaParams rsa_blind_msg_params;
+
+  } details;
+};
+
+/**
+ * @brief CS Blinding Secret parameters to derive blinding secrets
+ *
+ */
+struct TALER_PlanchetDeriveCsBlindingSecrets
+{
+  /**
+  * Secret to derive blinding secrets from
+  */
+  void *secret;
+
+  /**
+   * size of the secret to derive blinding secrets from
+   */
+  size_t secret_len;
+};
 
 /**
  * @brief Public information about a coin (including the public key
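Review bot: `struct TALER_DenominationBlindMessageCsParams` is declared with no members, which ISO C does not permit (GCC accepts it as an extension with size zero), and it is then used as a union member in `TALER_DenominationBlindMessageParams`. That wrapper's comment says the details depend on `cipher`, yet the struct has no `cipher` field, so a reader of the union has nothing to discriminate on. None of the three BlindMessage*Params types is used anywhere in the visible diff; I would either drop them until they are needed or add `enum TALER_DenominationCipher cipher;` and give the CS variant a real member. In `TALER_PlanchetDeriveCsBlindingSecrets`, `const void *secret;` would document that the seed is only read, and the `Note: is malloc()'ed!` comments should say which side is expected to free `blinded_msg`.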
@@ -768,7 +945,9 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey 
*denom_pub);
  * @param[out] bs blinding secret to initialize
  */
 void
-TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs);
+TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
+                              enum TALER_DenominationCipher cipher,
+                              ...);
 
 
 /**
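Review bot: The prototype becomes variadic but the doc comment above it still describes only `bs`, so nothing tells a caller that `TALER_DENOMINATION_CS` requires one extra `struct TALER_PlanchetDeriveCsBlindingSecrets *` argument, and the `va_arg` read in the implementation is undefined behaviour if that argument is missing or has another type. Please add `@param cipher denomination cipher the secret is for` and `@param ... for #TALER_DENOMINATION_CS, a pointer to struct TALER_PlanchetDeriveCsBlindingSecrets; nothing for RSA`. The same applies to TALER_planchet_setup_random further down in this header. A non-variadic signature taking a possibly-NULL seed pointer would let the compiler check the argument instead.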
@@ -827,8 +1006,7 @@ TALER_denom_blind (const struct 
TALER_DenominationPublicKey *dk,
                    const struct TALER_AgeHash *age_commitment_hash,
                    const struct TALER_CoinSpendPublicKeyP *coin_pub,
                    struct TALER_CoinPubHash *c_hash,
-                   void **coin_ev,
-                   size_t *coin_ev_size);
+                   struct TALER_BlindedPlanchet *blinded_planchet);
 
 
 /**
@@ -843,8 +1021,7 @@ TALER_denom_blind (const struct 
TALER_DenominationPublicKey *dk,
 enum GNUNET_GenericReturnValue
 TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
                           const struct TALER_DenominationPrivateKey 
*denom_priv,
-                          void *blinded_msg,
-                          size_t blinded_msg_size);
+                          const struct TALER_BlindedPlanchet 
*blinded_planchet);
 
 
 /**
@@ -1056,7 +1233,7 @@ struct TALER_PlanchetSecretsP
   struct TALER_CoinSpendPrivateKeyP coin_priv;
 
   /**
-   * The blinding key.
+   * The blinding key. must be 32 byte
    */
   union TALER_DenominationBlindingKeyP blinding_key;
 
@@ -1080,14 +1257,9 @@ struct TALER_PlanchetDetail
   struct TALER_DenominationHash denom_pub_hash;
 
   /**
-   * Blinded coin (see GNUNET_CRYPTO_rsa_blind()).  Note: is malloc()'ed!
+   * The blinded planchet
    */
-  void *coin_ev;
-
-  /**
-   * Number of bytes in @a coin_ev.
-   */
-  size_t coin_ev_size;
+  struct TALER_BlindedPlanchet blinded_planchet;
 };
 
 
@@ -1224,7 +1396,9 @@ TALER_planchet_setup_refresh (const struct 
TALER_TransferSecretP *secret_seed,
  * @param[out] ps value to initialize
  */
 void
-TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps);
+TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
+                             enum TALER_DenominationCipher cipher,
+                             ...);
 
 
 /**
diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c
index ec085b53..87bb5dc9 100644
--- a/src/lib/exchange_api_link.c
+++ b/src/lib/exchange_api_link.c
@@ -155,20 +155,25 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle 
*lh,
     GNUNET_CRYPTO_hash (pd.coin_ev,
                         pd.coin_ev_size,
                         &coin_envelope_hash.hash);
-
+    //FIXME: 
     if (GNUNET_OK !=
         TALER_wallet_link_verify (&pd.denom_pub_hash,
                                   trans_pub,
                                   &coin_envelope_hash,
+                                  pd.blinded_planchet.details.
+                                  rsa_blinded_planchet.blinded_msg,
+                                  pd.blinded_planchet.details.
+                                  rsa_blinded_planchet.blinded_msg_size,
                                   &old_coin_pub,
                                   &link_sig))
     {
       GNUNET_break_op (0);
-      GNUNET_free (pd.coin_ev);
+      GNUNET_free (
+        pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
       GNUNET_JSON_parse_free (spec);
       return GNUNET_SYSERR;
     }
-    GNUNET_free (pd.coin_ev);
+    GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
   }
 
   /* clean up */
diff --git a/src/lib/exchange_api_refresh_common.c 
b/src/lib/exchange_api_refresh_common.c
index 3e367566..fa3e63fe 100644
--- a/src/lib/exchange_api_refresh_common.c
+++ b/src/lib/exchange_api_refresh_common.c
@@ -441,8 +441,10 @@ TALER_EXCHANGE_refresh_prepare (
         return NULL;
       }
       rcd->dk = &md.fresh_pks[j];
-      rcd->coin_ev = pd.coin_ev;
-      rcd->coin_ev_size = pd.coin_ev_size;
+      rcd->coin_ev =
+        pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg;
+      rcd->coin_ev_size =
+        pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size;
     }
   }
 
diff --git a/src/lib/exchange_api_refreshes_reveal.c 
b/src/lib/exchange_api_refreshes_reveal.c
index 2b7fcf8c..6fc3f1a3 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -370,15 +370,22 @@ TALER_EXCHANGE_refreshes_reveal (
     }
     GNUNET_assert (0 ==
                    json_array_append_new (coin_evs,
-                                          GNUNET_JSON_from_data (pd.coin_ev,
-                                                                 
pd.coin_ev_size)));
+                                          GNUNET_JSON_from_data (
+                                            pd.blinded_planchet.details.
+                                            rsa_blinded_planchet.blinded_msg,
+                                            pd.
+                                            blinded_planchet.details.
+                                            rsa_blinded_planchet.
+                                            blinded_msg_size)));
     {
       struct TALER_CoinSpendSignatureP link_sig;
 
       TALER_wallet_link_sign (&denom_hash,
                               &transfer_pub,
-                              pd.coin_ev,
-                              pd.coin_ev_size,
+                              pd.blinded_planchet.details.rsa_blinded_planchet.
+                              blinded_msg,
+                              pd.blinded_planchet.details.rsa_blinded_planchet.
+                              blinded_msg_size,
                               &md->melted_coin.coin_priv,
                               &link_sig);
       GNUNET_assert (0 ==
@@ -386,7 +393,7 @@ TALER_EXCHANGE_refreshes_reveal (
                        link_sigs,
                        GNUNET_JSON_from_data_auto (&link_sig)));
     }
-    GNUNET_free (pd.coin_ev);
+    GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
   }
 
   /* build array of transfer private keys */
diff --git a/src/lib/exchange_api_withdraw.c b/src/lib/exchange_api_withdraw.c
index 5e823ee6..5834306e 100644
--- a/src/lib/exchange_api_withdraw.c
+++ b/src/lib/exchange_api_withdraw.c
@@ -200,7 +200,7 @@ TALER_EXCHANGE_withdraw (
                                       reserve_priv,
                                       &handle_reserve_withdraw_finished,
                                       wh);
-  GNUNET_free (pd.coin_ev);
+  GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
   return wh;
 }
 
diff --git a/src/lib/exchange_api_withdraw2.c b/src/lib/exchange_api_withdraw2.c
index d50892e5..c8eb3182 100644
--- a/src/lib/exchange_api_withdraw2.c
+++ b/src/lib/exchange_api_withdraw2.c
@@ -437,9 +437,11 @@ TALER_EXCHANGE_withdraw2 (
 
     TALER_amount_hton (&req.amount_with_fee,
                        &wh->requested_amount);
-    TALER_coin_ev_hash (pd->coin_ev,
-                        pd->coin_ev_size,
-                        &req.h_coin_envelope);
+    TALER_coin_ev_hash (
+      pd->blinded_planchet.details.rsa_blinded_planchet.blinded_msg,
+      pd->blinded_planchet.details.rsa_blinded_planchet.
+      blinded_msg_size,
+      &req.h_coin_envelope);
     GNUNET_CRYPTO_eddsa_sign (&reserve_priv->eddsa_priv,
                               &req,
                               &reserve_sig.eddsa_signature);
@@ -452,8 +454,10 @@ TALER_EXCHANGE_withdraw2 (
       GNUNET_JSON_pack_data_auto ("denom_pub_hash",
                                   &pd->denom_pub_hash),
       GNUNET_JSON_pack_data_varsize ("coin_ev",
-                                     pd->coin_ev,
-                                     pd->coin_ev_size),
+                                     pd->blinded_planchet.details.
+                                     rsa_blinded_planchet.blinded_msg,
+                                     pd->blinded_planchet.details.
+                                     rsa_blinded_planchet.blinded_msg_size),
       GNUNET_JSON_pack_data_auto ("reserve_sig",
                                   &reserve_sig));
     GNUNET_log (GNUNET_ERROR_TYPE_INFO,
diff --git a/src/testing/testing_api_cmd_insert_deposit.c 
b/src/testing/testing_api_cmd_insert_deposit.c
index d45bd0c6..738c4b67 100644
--- a/src/testing/testing_api_cmd_insert_deposit.c
+++ b/src/testing/testing_api_cmd_insert_deposit.c
@@ -203,21 +203,19 @@ insert_deposit_run (void *cls,
     struct TALER_BlindedDenominationSignature bds;
     union TALER_DenominationBlindingKeyP bks;
 
-    TALER_blinding_secret_create (&bks);
+    TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA);
     GNUNET_assert (GNUNET_OK ==
                    TALER_denom_blind (&dpk,
                                       &bks,
                                       NULL, /* FIXME-Oec */
                                       &deposit.coin.coin_pub,
                                       &c_hash,
-                                      &pd.coin_ev,
-                                      &pd.coin_ev_size));
+                                      &pd.blinded_planchet));
     GNUNET_assert (GNUNET_OK ==
                    TALER_denom_sign_blinded (&bds,
                                              &denom_priv,
-                                             pd.coin_ev,
-                                             pd.coin_ev_size));
-    GNUNET_free (pd.coin_ev);
+                                             &pd.blinded_planchet));
+    GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
     GNUNET_assert (GNUNET_OK ==
                    TALER_denom_sig_unblind (&deposit.coin.denom_sig,
                                             &bds,
diff --git a/src/testing/testing_api_cmd_withdraw.c 
b/src/testing/testing_api_cmd_withdraw.c
index 8e6cba70..e87f42c3 100644
--- a/src/testing/testing_api_cmd_withdraw.c
+++ b/src/testing/testing_api_cmd_withdraw.c
@@ -388,7 +388,7 @@ withdraw_run (void *cls,
                                 &ws->reserve_pub);
   if (NULL == ws->reuse_coin_key_ref)
   {
-    TALER_planchet_setup_random (&ws->ps);
+    TALER_planchet_setup_random (&ws->ps, TALER_DENOMINATION_RSA);
   }
   else
   {
@@ -409,7 +409,7 @@ withdraw_run (void *cls,
                    TALER_TESTING_get_trait_coin_priv (cref,
                                                       index,
                                                       &coin_priv));
-    TALER_planchet_setup_random (&ws->ps);
+    TALER_planchet_setup_random (&ws->ps, TALER_DENOMINATION_RSA);
     ws->ps.coin_priv = *coin_priv;
   }
   if (NULL == ws->pk)
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 178db3aa..a8413e0f 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -167,11 +167,68 @@ TALER_planchet_setup_refresh (const struct 
TALER_TransferSecretP *secret_seed,
 
 
 void
-TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps)
+blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs,
+                           enum TALER_DenominationCipher cipher,
+                           va_list ap)
+{
+  switch (cipher)
+  {
+  case TALER_DENOMINATION_INVALID:
+    GNUNET_break (0);
+    return;
+  case TALER_DENOMINATION_RSA:
+    GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
+                                &bs->rsa_bks,
+                                sizeof (struct
+                                        GNUNET_CRYPTO_RsaBlindingKeySecret));
+    return;
+  case TALER_DENOMINATION_CS:
+    {
+      // TODO: nonce teil ist noch falsch. da kommt bs[2] zurück, was wir 
nicht speichern wollen!
+      struct TALER_PlanchetDeriveCsBlindingSecrets*seed;
+
+      seed = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *);
+
+      // GNUNET_CRYPTO_cs_blinding_secrets_derive(&seed->secret,
+      //                                          seed->secret_len,
+      //                                          &bs->nonce);
+      return;
+    }
+
+  default:
+    GNUNET_break (0);
+  }
+
+  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
+                              bs,
+                              sizeof (*bs));
+}
+
+
+void
+TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
+                              enum TALER_DenominationCipher cipher,
+                              ...)
+{
+  va_list ap;
+  va_start (ap, cipher);
+  blinding_secret_create_va (bs, cipher, ap);
+  va_end (ap);
+}
+
+
+void
+TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
+                             enum TALER_DenominationCipher cipher,
+                             ...)
 {
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
-                              ps,
-                              sizeof (*ps));
+                              &ps->coin_priv,
+                              sizeof (struct TALER_CoinSpendPrivateKeyP));
+  va_list ap;
+  va_start (ap, cipher);
+  blinding_secret_create_va (&ps->blinding_key, cipher, ap);
+  va_end (ap);
 }
 
 
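Review bot: In the `TALER_DENOMINATION_CS` case `seed` is fetched and then ignored, the derive call is commented out, and the function returns without writing `bs`, so TALER_planchet_setup_random now returns a planchet whose blinding key is whatever was already in memory; before this change the whole `*ps` was filled with strong randomness. Because the function returns void, I would fail closed until derivation is wired in, e.g. `GNUNET_assert (0); /* CS blinding secret derivation not implemented */`. The `TALER_DENOMINATION_INVALID` branch likewise leaves `bs` untouched, while `default:` falls out of the switch and fills `bs` with `GNUNET_CRYPTO_QUALITY_NONCE` bytes for an unknown cipher; the two should behave the same way. The RSA branch fills only `sizeof (struct GNUNET_CRYPTO_RsaBlindingKeySecret)` bytes of the union, which leaves the tail indeterminate if the nonce member is larger. `blinding_secret_create_va` should be `static`, and the German TODO should be in English, something like `/* TODO: nonce handling is still wrong: the derive call yields bs[2], which we do not want to store */`.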
@@ -191,8 +248,7 @@ TALER_planchet_prepare (const struct 
TALER_DenominationPublicKey *dk,
                          NULL, /* FIXME-Oec */
                          &coin_pub,
                          c_hash,
-                         &pd->coin_ev,
-                         &pd->coin_ev_size))
+                         &pd->blinded_planchet))
   {
     GNUNET_break (0);
     return GNUNET_SYSERR;
diff --git a/src/util/denom.c b/src/util/denom.c
index b6b3764d..bcfa3efa 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -34,6 +34,10 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey 
*denom_priv,
   memset (denom_pub,
           0,
           sizeof (*denom_pub));
+
+  denom_priv->cipher = cipher;
+  denom_pub->cipher = cipher;
+
   switch (cipher)
   {
   case TALER_DENOMINATION_INVALID:
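Review bot: Assigning `denom_priv->cipher` and `denom_pub->cipher` before the switch means the failure paths now return `GNUNET_SYSERR` with the cipher field already set to the requested value, including unknown values such as the `42` that test_crypto.c passes in. The free functions in this file end in `default: GNUNET_assert (0);`, so a caller that cleans up after a failed create with an unknown cipher could abort; the previous code left the zeroed structs alone until the key existed. I would keep the assignment inside each successful case, or reset both fields on every error return. The rest of the switch, including the RSA error paths, lies outside this hunk.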
@@ -63,10 +67,13 @@ TALER_denom_priv_create (struct 
TALER_DenominationPrivateKey *denom_priv,
     denom_pub->details.rsa_public_key
       = GNUNET_CRYPTO_rsa_private_key_get_public (
           denom_priv->details.rsa_private_key);
-    denom_priv->cipher = cipher;
-    denom_pub->cipher = cipher;
     return GNUNET_OK;
-  // TODO: add case for Clause-Schnorr
+  case TALER_DENOMINATION_CS:
+    GNUNET_CRYPTO_cs_private_key_generate 
(&denom_priv->details.cs_private_key);
+    GNUNET_CRYPTO_cs_private_key_get_public (
+      &denom_priv->details.cs_private_key,
+      &denom_pub->details.cs_public_key);
+    return GNUNET_OK;
   default:
     GNUNET_break (0);
   }
@@ -77,8 +84,7 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey 
*denom_priv,
 enum GNUNET_GenericReturnValue
 TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
                           const struct TALER_DenominationPrivateKey 
*denom_priv,
-                          void *blinded_msg,
-                          size_t blinded_msg_size)
+                          const struct TALER_BlindedPlanchet *blinded_planchet)
 {
   memset (denom_sig,
           0,
@@ -92,8 +98,8 @@ TALER_denom_sign_blinded (struct 
TALER_BlindedDenominationSignature *denom_sig,
     denom_sig->details.blinded_rsa_signature
       = GNUNET_CRYPTO_rsa_sign_blinded (
           denom_priv->details.rsa_private_key,
-          blinded_msg,
-          blinded_msg_size);
+          blinded_planchet->details.rsa_blinded_planchet.blinded_msg,
+          blinded_planchet->details.rsa_blinded_planchet.blinded_msg_size);
     if (NULL == denom_sig->details.blinded_rsa_signature)
     {
       GNUNET_break (0);
@@ -147,15 +153,6 @@ TALER_denom_sig_unblind (
 }
 
 
-void
-TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs)
-{
-  GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
-                              bs,
-                              sizeof (*bs));
-}
-
-
 /**
  * Hash @a rsa.
  *
@@ -238,21 +235,28 @@ TALER_denom_blind (const struct 
TALER_DenominationPublicKey *dk,
                    const struct TALER_AgeHash *age_commitment_hash,
                    const struct TALER_CoinSpendPublicKeyP *coin_pub,
                    struct TALER_CoinPubHash *c_hash,
-                   void **coin_ev,
-                   size_t *coin_ev_size)
+                   struct TALER_BlindedPlanchet *blinded_planchet)
 {
+  // if (dk->cipher != blinded_planchet->cipher)
+  // {
+  //   GNUNET_break (0);
+  //   return GNUNET_SYSERR;
+  // }
+  blinded_planchet->cipher = dk->cipher;
+  TALER_coin_pub_hash (coin_pub,
+                       age_commitment_hash,
+                       c_hash);
   switch (dk->cipher)
   {
   case TALER_DENOMINATION_RSA:
-    TALER_coin_pub_hash (coin_pub,
-                         age_commitment_hash,
-                         c_hash);
     if (GNUNET_YES !=
         GNUNET_CRYPTO_rsa_blind (&c_hash->hash,
                                  &coin_bks->rsa_bks,
                                  dk->details.rsa_public_key,
-                                 coin_ev,
-                                 coin_ev_size))
+                                 
&blinded_planchet->details.rsa_blinded_planchet
+                                 .blinded_msg,
+                                 
&blinded_planchet->details.rsa_blinded_planchet
+                                 .blinded_msg_size))
     {
       GNUNET_break (0);
       return GNUNET_SYSERR;
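Review bot: The cipher consistency check is left in as commented-out code, and `blinded_planchet->cipher` is written before the switch has decided whether `dk->cipher` is supported. If a later case fails or is not implemented, the caller gets back a planchet tagged with a cipher whose `details` member was never filled in, and cleanup code that frees `details.rsa_blinded_planchet.blinded_msg` would then act on indeterminate bytes. I would delete the commented block and start the function with `memset (blinded_planchet, 0, sizeof (*blinded_planchet));`, setting `cipher` only in the branch that succeeds. The remaining cases of the switch are outside this hunk.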
@@ -314,7 +318,9 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey 
*denom_pub)
     }
     denom_pub->cipher = TALER_DENOMINATION_INVALID;
     return;
-  // TODO: add case for Clause-Schnorr
+  case TALER_DENOMINATION_CS:
+    // TODO: ATM nothing needs to be freed, but check again after 
implementation.
+    return;
   default:
     GNUNET_assert (0);
   }
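Review bot: The new `TALER_DENOMINATION_CS` branch returns without `denom_pub->cipher = TALER_DENOMINATION_INVALID;`, which the RSA branch just above it does, so a freed CS key still looks valid to later code. The same omission is in the CS branches added to TALER_denom_priv_free, TALER_denom_sig_free and TALER_blinded_denom_sig_free. In TALER_denom_priv_free it also means `details.cs_private_key` stays in memory after the key is supposedly released; that branch should clear the key with a zeroing call the compiler cannot optimise away before resetting the cipher. The function bodies start outside these hunks.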
@@ -336,7 +342,9 @@ TALER_denom_priv_free (struct TALER_DenominationPrivateKey 
*denom_priv)
     }
     denom_priv->cipher = TALER_DENOMINATION_INVALID;
     return;
-  // TODO: add case for Clause-Schnorr
+  case TALER_DENOMINATION_CS:
+    // TODO: ATM nothing needs to be freed, but check again after 
implementation.
+    return;
   default:
     GNUNET_assert (0);
   }
@@ -358,7 +366,9 @@ TALER_denom_sig_free (struct TALER_DenominationSignature 
*denom_sig)
     }
     denom_sig->cipher = TALER_DENOMINATION_INVALID;
     return;
-  // TODO: add case for Clause-Schnorr
+  case TALER_DENOMINATION_CS:
+    // TODO: ATM nothing needs to be freed, but check again after 
implementation.
+    return;
   default:
     GNUNET_assert (0);
   }
@@ -382,7 +392,9 @@ TALER_blinded_denom_sig_free (
     }
     denom_sig->cipher = TALER_DENOMINATION_INVALID;
     return;
-  // TODO: add case for Clause-Schnorr
+  case TALER_DENOMINATION_CS:
+    // TODO: ATM nothing needs to be freed, but check again after 
implementation.
+    return;
   default:
     GNUNET_assert (0);
   }
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index 5ee06487..12f9e64c 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -82,7 +82,7 @@ test_high_level (void)
  * @return 0 on success
  */
 static int
-test_planchets (void)
+test_planchets_rsa (void)
 {
   struct TALER_PlanchetSecretsP ps;
   struct TALER_DenominationPrivateKey dk_priv;
@@ -92,12 +92,23 @@ test_planchets (void)
   struct TALER_FreshCoin coin;
   struct TALER_CoinPubHash c_hash;
 
+
+  GNUNET_assert (GNUNET_SYSERR ==
+                 TALER_denom_priv_create (&dk_priv,
+                                          &dk_pub,
+                                          TALER_DENOMINATION_INVALID));
+
+  GNUNET_assert (GNUNET_SYSERR ==
+                 TALER_denom_priv_create (&dk_priv,
+                                          &dk_pub,
+                                          42));
+
   GNUNET_assert (GNUNET_OK ==
                  TALER_denom_priv_create (&dk_priv,
                                           &dk_pub,
                                           TALER_DENOMINATION_RSA,
                                           1024));
-  TALER_planchet_setup_random (&ps);
+  TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA);
   GNUNET_assert (GNUNET_OK ==
                  TALER_planchet_prepare (&dk_pub,
                                          &ps,
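Review bot: The bare `42` in the second negative test is a magic number; a short comment such as `/* 42: presumably not a defined cipher value, must be rejected */` would say why GNUNET_SYSERR is expected. The RSA call below passes a fourth argument (`1024`) that these calls omit, so the function presumably takes variable arguments. It is worth confirming that the rejection path never reads an argument the caller did not pass. The body of test_planchets_rsa continues outside the hunk.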
@@ -106,8 +117,7 @@ test_planchets (void)
   GNUNET_assert (GNUNET_OK ==
                  TALER_denom_sign_blinded (&blind_sig,
                                            &dk_priv,
-                                           pd.coin_ev,
-                                           pd.coin_ev_size));
+                                           &pd.blinded_planchet));
   GNUNET_assert (GNUNET_OK ==
                  TALER_planchet_to_coin (&dk_pub,
                                          &blind_sig,
@@ -122,6 +132,66 @@ test_planchets (void)
 }
 
 
+/**
+ * Test the basic planchet functionality of creating a fresh planchet with CS 
denomination
+ * and extracting the respective signature.
+ *
+ * @return 0 on success
+ */
+static int
+test_planchets_cs (void)
+{
+  // struct TALER_PlanchetSecretsP ps;
+  struct TALER_DenominationPrivateKey dk_priv;
+  struct TALER_DenominationPublicKey dk_pub;
+  // struct TALER_PlanchetDetail pd;
+  // struct TALER_BlindedDenominationSignature blind_sig;
+  // struct TALER_FreshCoin coin;
+  // struct TALER_CoinPubHash c_hash;
+  // struct TALER_PlanchetDeriveCsBlindingSecrets seed;
+
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_denom_priv_create (&dk_priv,
+                                          &dk_pub,
+                                          TALER_DENOMINATION_CS));
+
+  // seed.secret = "test secret";
+  // seed.secret_len = strlen ("test secret");
+
+  // TODO: Probably need to adjust GNUNET CS implementation for the CSNonce 
creation and afterwards adjust the derive function
+  // TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS, &seed);
+
+  // GNUNET_assert (GNUNET_OK ==
+  //                TALER_planchet_prepare (&dk_pub,
+  //                                        &ps,
+  //                                        &c_hash,
+  //                                        &pd));
+
+
+  // TALER_blinded_denom_sig_free (&blind_sig);
+  // TALER_denom_sig_free (&coin.sig);
+  TALER_denom_priv_free (&dk_priv);
+  TALER_denom_pub_free (&dk_pub);
+  return 0;
+}
+
+
+/**
+ * Test the basic planchet functionality of creating a fresh planchet
+ * and extracting the respective signature.
+ * Calls test_planchets_rsa and test_planchets_cs
+ *
+ * @return 0 on success
+ */
+static int
+test_planchets (void)
+{
+  if (0 != test_planchets_rsa ())
+    return -1;
+  return test_planchets_cs ();
+}
+
+
 static int
 test_exchange_sigs (void)
 {
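Review bot: The doc comment on `test_planchets_cs` promises creating a fresh planchet and extracting its signature, but the only live code creates a CS key pair and frees it; everything else is commented out. I would reword the comment to match, e.g. `Test creating and releasing a CS denomination key pair; planchet preparation and signing are not covered yet.`, and replace the commented-out statements with a single `TODO` line so the test does not suggest coverage it lacks. Since the CS branches of the free functions in this commit release nothing, anything `TALER_denom_priv_create` allocates for CS would leak here; whether it allocates is not visible in this hunk.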
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index ac4ae1dc..e51fa26e 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -270,13 +270,15 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper 
*dh)
   struct TALER_PlanchetSecretsP ps;
   struct TALER_CoinPubHash c_hash;
 
-  TALER_planchet_setup_random (&ps);
+  TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA);
   for (unsigned int i = 0; i<MAX_KEYS; i++)
   {
     if (! keys[i].valid)
       continue;
     {
       struct TALER_PlanchetDetail pd;
+      pd.blinded_planchet.cipher = TALER_DENOMINATION_RSA;
+      // keys[i].denom_pub.cipher = TALER_DENOMINATION_CS;
 
       GNUNET_assert (GNUNET_YES ==
                      TALER_planchet_prepare (&keys[i].denom_pub,
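Review bot: The commented-out `// keys[i].denom_pub.cipher = TALER_DENOMINATION_CS;` looks like a leftover experiment and should be dropped before this lands. `pd` is still declared uninitialized with only the cipher set by hand; `struct TALER_PlanchetDetail pd = { .blinded_planchet.cipher = TALER_DENOMINATION_RSA };` would zero the remaining fields, which matters because a pointer inside `pd` is passed to `GNUNET_free` later. If `TALER_planchet_prepare` sets the cipher itself, the manual assignment is redundant, which is worth confirming. The body of test_signing continues outside the hunk.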
@@ -285,14 +287,19 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper 
*dh)
                                              &pd));
       GNUNET_log (GNUNET_ERROR_TYPE_INFO,
                   "Requesting signature over %u bytes with key %s\n",
-                  (unsigned int) pd.coin_ev_size,
+                  (unsigned
+                   int) pd.blinded_planchet.details.rsa_blinded_planchet.
+                  blinded_msg_size,
                   GNUNET_h2s (&keys[i].h_rsa.hash));
       ds = TALER_CRYPTO_helper_rsa_sign (dh,
                                          &keys[i].h_rsa,
-                                         pd.coin_ev,
-                                         pd.coin_ev_size,
+                                         pd.blinded_planchet.details.
+                                         rsa_blinded_planchet.blinded_msg,
+                                         pd.blinded_planchet.details.
+                                         rsa_blinded_planchet.blinded_msg_size,
                                          &ec);
-      GNUNET_free (pd.coin_ev);
+      GNUNET_free (
+        pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
     }
     switch (ec)
     {
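Review bot: The log call, the sign call and the `GNUNET_free` all read `details.rsa_blinded_planchet` without checking that the RSA variant is the one `TALER_planchet_prepare` filled in. If `details` is a union (it is presumably selected by `cipher`), reading the wrong member would hand a misinterpreted pointer and length to the helper and to free. A one-line guard after the prepare call, `GNUNET_assert (TALER_DENOMINATION_RSA == pd.blinded_planchet.cipher);`, would make the assumption explicit; the same applies to the two perf_signing hunks below. Separately, the cast split across lines as `(unsigned` / `int)` is hard to read, and a local holding the size would avoid it.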
@@ -419,7 +426,7 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
   struct GNUNET_TIME_Relative duration;
   struct TALER_PlanchetSecretsP ps;
 
-  TALER_planchet_setup_random (&ps);
+  TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA);
   duration = GNUNET_TIME_UNIT_ZERO;
   TALER_CRYPTO_helper_rsa_poll (dh);
   for (unsigned int j = 0; j<NUM_SIGN_PERFS;)
@@ -455,8 +462,11 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper 
*dh,
 
           ds = TALER_CRYPTO_helper_rsa_sign (dh,
                                              &keys[i].h_rsa,
-                                             pd.coin_ev,
-                                             pd.coin_ev_size,
+                                             pd.blinded_planchet.details.
+                                             rsa_blinded_planchet.blinded_msg,
+                                             pd.blinded_planchet.details.
+                                             rsa_blinded_planchet.
+                                             blinded_msg_size,
                                              &ec);
           if (TALER_EC_NONE != ec)
             break;
@@ -468,7 +478,8 @@ perf_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh,
           if (NUM_SIGN_PERFS <= j)
             break;
         }
-        GNUNET_free (pd.coin_ev);
+        GNUNET_free (
+          pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg);
       }
     } /* for i */
   } /* for j */

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


