
[taler-exchange] 08/37: fixed CS signatures and cleanup/refactoring


From: gnunet
Subject: [taler-exchange] 08/37: fixed CS signatures and cleanup/refactoring
Date: Fri, 04 Feb 2022 16:53:38 +0100

This is an automated email from the git hooks/post-receive script.

gian-demarmels pushed a commit to branch master
in repository exchange.

commit ca247f6f5821415b8c3437916e473785d6fd6403
Author: Gian Demarmels <gian@demarmels.org>
AuthorDate: Mon Dec 27 16:21:26 2021 +0100

    fixed CS signatures and cleanup/refactoring
---
 src/include/taler_crypto_lib.h | 89 +++++++-----------------------------------
 src/util/crypto.c              | 12 +++---
 src/util/denom.c               | 49 ++++++-----------------
 src/util/test_crypto.c         | 24 +++++-------
 4 files changed, 40 insertions(+), 134 deletions(-)

diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 87e38896..3de843a2 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -353,12 +353,12 @@ struct TALER_CoinSpendSignatureP
 
 /**
  * @brief Type of blinding keys for Taler.
- * must be 32 bytes
+ * must be 32 bytes (DB)
  */
 union TALER_DenominationBlindingKeyP
 {
   /**
-   * Clause Schnorr Signatures have 2 blinding secrets, each containing two 
unpredictable values.
+   * Clause Schnorr Signatures have 2 blinding secrets, each containing two 
unpredictable values. (must be 32 bytes)
    */
   struct GNUNET_CRYPTO_CsNonce nonce;
 
@@ -618,10 +618,9 @@ struct TALER_DenominationSignature
 };
 
 /**
- * The Sign Answer for Clause B lind Schnorr signature.
+ * The Sign Answer for Clause Blind Schnorr signature.
  * The sign operation returns a parameter @param b and the signature
  * scalar @param s_scalar.
- * The function does not return the whole signature, due to that is only the 
blinded s_scalar.
  */
 struct TALER_BlindedDenominationCsSignAnswer
 {
@@ -833,57 +832,6 @@ struct TALER_DenominationCsPrivateR
   struct GNUNET_CRYPTO_CsRSecret r[2];
 };
 
-/**
- * @brief RSA Parameters to create blinded messages
- *
- */
-struct TALER_DenominationBlindMessageRsaParams
-{
-  /**
-   * blinded message to be signed
-   * Note: is malloc()'ed!
-   */
-  void **coin_ev;
-
-  /**
-   * size of the blinded message to be signed
-   */
-  size_t *coin_ev_size;
-};
-
-
-/**
- * @brief CS Parameters to create blinded messages
- *
- */
-struct TALER_DenominationBlindMessageCsParams
-{
-
-};
-
-/**
- * @brief Type including Parameters to create blinded message
- *
- */
-struct TALER_DenominationBlindMessageParams
-{
-  /**
-   * Details, depending on @e cipher.
-   */
-  union
-  {
-    /**
-     * If we use #TALER_DENOMINATION_CS in @a cipher.
-     */
-    struct TALER_DenominationBlindMessageCsParams cs_blind_msg_params;
-
-    /**
-     * If we use #TALER_DENOMINATION_RSA in @a cipher.
-     */
-    struct TALER_DenominationBlindMessageRsaParams rsa_blind_msg_params;
-
-  } details;
-};
 
 /**
  * @brief Public information about a coin (including the public key
@@ -968,6 +916,9 @@ TALER_cs_withdraw_nonce_derive (const struct
  * Create a blinding secret @a bs for @a cipher.
  *
  * @param[out] bs blinding secret to initialize
+ * @param cipher algorithm to use (CS or RSA)
+ * @param ... If CS signature, R_0 and R_1 (TALER_DenominationCsPublicR)
+ * and the coins private key is needed
  */
 void
 TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs,
@@ -1013,20 +964,6 @@ void
 TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig);
 
 
-/**
- * Function for CS signatures to derive the secret r_0 and r_1
- *
- * @param nonce withdraw nonce from a client
- * @param denom_priv denomination privkey as long-term secret
- * @param r the resulting r_0 and r_1
- * @return enum GNUNET_GenericReturnValue, returns SYSERR when denom key has 
wrong type
- */
-enum GNUNET_GenericReturnValue
-TALER_denom_cs_derive_r_secret (const struct TALER_WithdrawNonce *nonce,
-                                const struct
-                                TALER_DenominationPrivateKey *denom_priv,
-                                struct TALER_DenominationCsPrivateR *r);
-
 /**
  * @brief Function for CS signatures to derive public R_0 and R_1
  *
@@ -1053,6 +990,7 @@ TALER_denom_cs_derive_r_public (const struct 
TALER_WithdrawNonce *nonce,
  * @param[out] c_hash resulting hashed coin
  * @param[out] coin_ev blinded coin to submit
  * @param[out] coin_ev_size number of bytes in @a coin_ev
+ * @param ... cipher-specific parameters
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
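Review bot: The new `@param ... cipher-specific parameters` line does not say which parameters, yet this commit changes the CS argument list of TALER_denom_blind (the nonce is dropped in the denom.c hunk around `va_start (ap, blinded_planchet)`), and `va_arg` gives the compiler no way to catch a caller that still passes it — a stale caller would have `r_pub` receive the nonce pointer and read it as a `struct TALER_DenominationCsPublicR`. Spell out order and types in the header, e.g. `@param ... for #TALER_DENOMINATION_CS: two pointers of type struct TALER_DenominationCsPublicR, first the R_0/R_1 obtained from the exchange, then the blinded R_0'/R_1' (state whether the second is read or written); no extra arguments for RSA`. The same gap exists on the `@param ...` lines for TALER_denom_sig_unblind (one such pointer), TALER_planchet_prepare and TALER_planchet_to_coin later in this file, and the corresponding crypto.c hunks around `va_start (ap, pd)` and `va_start (ap, coin)` rely on that undocumented order.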
@@ -1070,8 +1008,8 @@ TALER_denom_blind (const struct 
TALER_DenominationPublicKey *dk,
  *
  * @param[out] denom_sig where to write the signature
  * @param denom_priv private key to use for signing
- * @param blinded_msg message to sign
- * @param blinded_msg_size number of bytes in @a blinded_msg
+ * @param blinded_planchet the planchet already blinded
+ * @param ... If CS signature, a TALER_WithdrawNonce is needed
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
@@ -1088,6 +1026,7 @@ TALER_denom_sign_blinded (struct 
TALER_BlindedDenominationSignature *denom_sig,
  * @param bdenom_sig the blinded signature
  * @param bks blinding secret to use
  * @param denom_pub public key used for signing
+ * @param ... cipher-specific parameters
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
@@ -1125,7 +1064,7 @@ TALER_denom_pub_hash (const struct 
TALER_DenominationPublicKey *denom_pub,
  * @a denom_dst.
  *
  * @param[out] denom_dst target to copy to
- * @param denom_str public key to copy
+ * @param denom_src public key to copy
  */
 void
 TALER_denom_pub_deep_copy (struct TALER_DenominationPublicKey *denom_dst,
@@ -1137,7 +1076,7 @@ TALER_denom_pub_deep_copy (struct 
TALER_DenominationPublicKey *denom_dst,
  * @a denom_dst.
  *
  * @param[out] denom_dst target to copy to
- * @param denom_str public key to copy
+ * @param denom_src public key to copy
  */
 void
 TALER_denom_sig_deep_copy (struct TALER_DenominationSignature *denom_dst,
@@ -1149,7 +1088,7 @@ TALER_denom_sig_deep_copy (struct 
TALER_DenominationSignature *denom_dst,
  * @a denom_dst.
  *
  * @param[out] denom_dst target to copy to
- * @param denom_str public key to copy
+ * @param denom_src public key to copy
  */
 void
 TALER_blinded_denom_sig_deep_copy (
@@ -1466,6 +1405,7 @@ TALER_planchet_setup_random (struct 
TALER_PlanchetSecretsP *ps,
  * @param[out] c_hash set to the hash of the public key of the coin (needed 
later)
  * @param[out] pd set to the planchet detail for TALER_MERCHANT_tip_pickup() 
and
  *               other withdraw operations
+ * @param ... cipher-specific parameters
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
@@ -1485,6 +1425,7 @@ TALER_planchet_prepare (const struct 
TALER_DenominationPublicKey *dk,
  * @param ps secrets from #TALER_planchet_prepare()
  * @param c_hash hash of the coin's public key for verification of the 
signature
  * @param[out] coin set to the details of the fresh coin
+ * @param ... cipher-specific parameters
  * @return #GNUNET_OK on success
  */
 enum GNUNET_GenericReturnValue
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 03a438d2..1e5033a0 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -247,7 +247,7 @@ TALER_blinding_secret_create (union 
TALER_DenominationBlindingKeyP *bs,
 /**
  * @brief setup a random planchet
  * In Case of RSA planchet, the bks gets set
- * In Case of Schnorr this will be set in future
+ * In Case of Clause Schnorr this will be set in future
  */
 void
 TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps,
@@ -307,11 +307,9 @@ TALER_planchet_prepare (const struct 
TALER_DenominationPublicKey *dk,
     {
       va_list ap;
       va_start (ap, pd);
-      struct TALER_WithdrawNonce *nonce;
       struct TALER_DenominationCsPublicR *r_pub;
       struct TALER_DenominationCsPublicR *blinded_r_pub;
 
-      nonce = va_arg (ap, struct TALER_WithdrawNonce *);
       r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
       blinded_r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
 
@@ -322,7 +320,6 @@ TALER_planchet_prepare (const struct 
TALER_DenominationPublicKey *dk,
                              &coin_pub,
                              c_hash,
                              &pd->blinded_planchet,
-                             nonce,
                              r_pub,
                              blinded_r_pub))
       {
@@ -373,14 +370,14 @@ TALER_planchet_to_coin (
       va_list ap;
       va_start (ap, coin);
 
-      struct TALER_DenominationCsPublicR *r_pub_dash;
-      r_pub_dash = va_arg (ap, struct TALER_DenominationCsPublicR *);
+      struct TALER_DenominationCsPublicR *r_pub_blind;
+      r_pub_blind = va_arg (ap, struct TALER_DenominationCsPublicR *);
       if (GNUNET_OK !=
           TALER_denom_sig_unblind (&sig,
                                    blind_sig,
                                    &ps->blinding_key,
                                    dk,
-                                   r_pub_dash))
+                                   r_pub_blind))
       {
         GNUNET_break_op (0);
         va_end (ap);
@@ -403,6 +400,7 @@ TALER_planchet_to_coin (
     TALER_denom_sig_free (&sig);
     return GNUNET_SYSERR;
   }
+
   coin->sig = sig;
   coin->coin_priv = ps->coin_priv;
   return GNUNET_OK;
diff --git a/src/util/denom.c b/src/util/denom.c
index ada2289c..12b499aa 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -81,25 +81,6 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey 
*denom_priv,
 }
 
 
-enum GNUNET_GenericReturnValue
-TALER_denom_cs_derive_r_secret (const struct TALER_WithdrawNonce *nonce,
-                                const struct
-                                TALER_DenominationPrivateKey *denom_priv,
-                                struct TALER_DenominationCsPrivateR *r)
-{
-  if (denom_priv->cipher != TALER_DENOMINATION_CS)
-  {
-    GNUNET_break (0);
-    return GNUNET_SYSERR;
-  }
-
-  GNUNET_CRYPTO_cs_r_derive (&nonce->nonce,
-                             &denom_priv->details.cs_private_key,
-                             r->r);
-  return GNUNET_OK;
-}
-
-
 enum GNUNET_GenericReturnValue
 TALER_denom_cs_derive_r_public (const struct TALER_WithdrawNonce *nonce,
                                 const struct
@@ -216,26 +197,19 @@ TALER_denom_sig_unblind (
     {
       va_list ap;
       va_start (ap, denom_pub);
-      struct TALER_DenominationCsPublicR *r_pub_dash;
-      r_pub_dash = va_arg (ap, struct TALER_DenominationCsPublicR *);
+      struct TALER_DenominationCsPublicR *r_pub_blind;
+      r_pub_blind = va_arg (ap, struct TALER_DenominationCsPublicR *);
 
       struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
       GNUNET_CRYPTO_cs_blinding_secrets_derive (&bks->nonce, bs);
 
-      struct GNUNET_CRYPTO_CsS s_scalar;
-
       GNUNET_CRYPTO_cs_unblind 
(&bdenom_sig->details.blinded_cs_answer.s_scalar,
                                 &bs[bdenom_sig->details.blinded_cs_answer.b],
-                                &s_scalar);
-
-      // TODO: This seems to work, but is this a good idea?
-      // Not working:
-      // denom_sig->details.cs_signature.r_point = 
r_pub_dash->r_pub[bdenom_sig->details.blinded_cs_answer.b];
-      GNUNET_memcpy (&denom_sig->details.cs_signature, &s_scalar, sizeof(struct
-                                                                         
GNUNET_CRYPTO_CsS));
-      GNUNET_memcpy (&denom_sig->details.cs_signature + sizeof(struct
-                                                               
GNUNET_CRYPTO_CsS),
-                     
&r_pub_dash->r_pub[bdenom_sig->details.blinded_cs_answer.b],
+                                &denom_sig->details.cs_signature.s_scalar);
+
+      GNUNET_memcpy (&denom_sig->details.cs_signature.r_point,
+                     
&r_pub_blind->r_pub[bdenom_sig->details.blinded_cs_answer.b
+                     ],
                      sizeof(struct GNUNET_CRYPTO_CsRPublic));
 
       denom_sig->cipher = TALER_DENOMINATION_CS;
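Review bot: `bdenom_sig->details.blinded_cs_answer.b` indexes both `bs[2]` and `r_pub_blind->r_pub[]` without a range check, so a blinded answer carrying a `b` other than 0 or 1 reads past both arrays; the value comes from the signer's answer, which on the unblinding side is received data, and the commit moves the copy but keeps it unchecked. Add before the unblind call `if (1 < bdenom_sig->details.blinded_cs_answer.b) { GNUNET_break_op (0); va_end (ap); return GNUNET_SYSERR; }` (adjust the comparison if `b` turns out to be signed; its type is not visible here). TALER_denom_sig_unblind begins and ends outside the hunk, so I could not confirm that `va_end (ap)` is reached on the success path after the `va_arg` above.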
@@ -362,16 +336,14 @@ TALER_denom_blind (const struct 
TALER_DenominationPublicKey *dk,
     {
       va_list ap;
       va_start (ap, blinded_planchet);
-      struct TALER_WithdrawNonce *nonce;
       struct TALER_DenominationCsPublicR *r_pub;
       struct TALER_DenominationCsPublicR *blinded_r_pub;
 
-      nonce = va_arg (ap, struct TALER_WithdrawNonce *);
       r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
       blinded_r_pub = va_arg (ap, struct TALER_DenominationCsPublicR *);
 
       struct GNUNET_CRYPTO_CsBlindingSecret bs[2];
-      GNUNET_CRYPTO_cs_blinding_secrets_derive (&nonce->nonce, bs);
+      GNUNET_CRYPTO_cs_blinding_secrets_derive (&coin_bks->nonce, bs);
 
       GNUNET_CRYPTO_cs_calc_blinded_c (bs,
                                        r_pub->r_pub,
@@ -422,11 +394,12 @@ TALER_denom_pub_verify (const struct 
TALER_DenominationPublicKey *denom_pub,
     if (GNUNET_OK !=
         GNUNET_CRYPTO_cs_verify (&denom_sig->details.cs_signature,
                                  &denom_pub->details.cs_public_key,
-                                 c_hash,
-                                 sizeof(*c_hash)))
+                                 &c_hash->hash,
+                                 sizeof(struct GNUNET_HashCode)))
     {
       GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
                   "Coin signature is invalid\n");
+      // return GNUNET_YES;
       return GNUNET_NO;
     }
     return GNUNET_YES;
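Review bot: The added `// return GNUNET_YES;` on the signature-invalid path of TALER_denom_pub_verify is commented-out code that, if ever re-enabled, turns a failed CS verification into acceptance; delete the line rather than leave it as a toggle next to `return GNUNET_NO;`. Minor: `sizeof (c_hash->hash)` ties the length to the buffer actually passed, whereas `sizeof(struct GNUNET_HashCode)` silently diverges if the field's type ever changes. The RSA branch and the rest of the function are outside the hunk.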
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index 64958cfc..760ec0fa 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -149,7 +149,6 @@ test_planchets_cs (void)
   struct TALER_WithdrawNonce nonce;
   struct TALER_DenominationCsPublicR r_pub;
   struct TALER_DenominationCsPublicR r_pub_blind;
-  struct TALER_DenominationCsPrivateR priv_r;
   struct TALER_BlindedDenominationSignature blind_sig;
   struct TALER_FreshCoin coin;
 
@@ -174,30 +173,25 @@ test_planchets_cs (void)
                                          &ps,
                                          &c_hash,
                                          &pd,
-                                         &nonce,
                                          &r_pub,
                                          &r_pub_blind));
-  // TODO: Remove r_secret if not needed
-  GNUNET_assert (GNUNET_OK ==
-                 TALER_denom_cs_derive_r_secret (&nonce,
-                                                 &dk_priv,
-                                                 &priv_r));
+
   GNUNET_assert (GNUNET_OK ==
                  TALER_denom_sign_blinded (&blind_sig,
                                            &dk_priv,
                                            &pd.blinded_planchet,
                                            &nonce));
 
-  // GNUNET_assert (GNUNET_OK ==
-  //                TALER_planchet_to_coin (&dk_pub,
-  //                                        &blind_sig,
-  //                                        &ps,
-  //                                        &c_hash,
-  //                                        &coin,
-  //                                        &r_pub_blind));
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_planchet_to_coin (&dk_pub,
+                                         &blind_sig,
+                                         &ps,
+                                         &c_hash,
+                                         &coin,
+                                         &r_pub_blind));
 
   TALER_blinded_denom_sig_free (&blind_sig);
-  // TALER_denom_sig_free (&coin.sig);
+  TALER_denom_sig_free (&coin.sig);
   TALER_denom_priv_free (&dk_priv);
   TALER_denom_pub_free (&dk_pub);
   return 0;
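Review bot: test_planchets_cs now exercises the full CS round trip but asserts only the success path; nothing checks that TALER_denom_pub_verify rejects the coin once the hash or signature is altered, which is exactly what the `&c_hash->hash` change in denom.c affects. Consider a negative assertion after TALER_planchet_to_coin, of the form `GNUNET_assert (GNUNET_NO == TALER_denom_pub_verify (&dk_pub, &coin.sig, &other_hash));` with `other_hash` set to a different value (argument order as declared in the header). Whether TALER_planchet_to_coin itself already verifies the unblinded signature is not visible in this diff; `nonce` is initialised above the hunk and I could not confirm it here.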



