author | Christian Grothoff <christian@grothoff.org> | 2015-01-27 18:49:02 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-01-27 18:49:02 +0100 |
commit | 019af0919e3fbe2f831f92728fd95eb7ea505da9 (patch) | |
tree | 6b2b79d6462001b1c66f25d5dbff07d27753df43 | |
parent | c3731d0df7e03561c7da777b5f75ba53206a38b5 (diff) | |
download | exchange-019af0919e3fbe2f831f92728fd95eb7ea505da9.tar.gz exchange-019af0919e3fbe2f831f92728fd95eb7ea505da9.zip |
mint-httpd_db.c now compiles again
-rw-r--r-- | src/include/taler_util.h | 16 | ||||
-rw-r--r-- | src/mint/mint.h | 6 | ||||
-rw-r--r-- | src/mint/mint_db.c | 4 | ||||
-rw-r--r-- | src/mint/taler-mint-httpd_db.c | 45 | ||||
-rw-r--r-- | src/util/crypto.c | 27 |
5 files changed, 65 insertions, 33 deletions
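--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -285,6 +285,22 @@ struct TALER_RefreshLinkDecrypted
 
 
 /**
+ * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
+ * to obtain the @a secret to decrypt the linkage data.
+ *
+ * @param secret_enc encrypted secret (FIXME: use different type!)
+ * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param secret shared secret for refresh link decryption
+ *               (FIXME: use different type?)
+ * @return #GNUNET_OK on success
+ */
+int
+TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
+                        const struct GNUNET_HashCode *trans_sec,
+                        struct GNUNET_HashCode *secret);
+
+
+/**
  * Decrypt refresh link information.
  *
  * @param input encrypted refresh link data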
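Review bot: The `@return` line of the new doc comment (new line 295) names only the success value; the failure value a caller has to compare against is left unstated, which matters here because the new call site in taler-mint-httpd_db.c tests `GNUNET_OK != TALER_transfer_decrypt (...)` and nothing in this declaration tells the reader what the other outcome is. Suggest `* @return #GNUNET_OK on success, #GNUNET_SYSERR if decryption failed`, assuming the implementation is made to follow the usual GNUnet status convention. The three FIXMEs on the parameter types could also state what is wrong with `struct GNUNET_HashCode` in each position (a ciphertext, a transfer secret and a link-decryption key are three different things that happen to share a size), so whoever picks them up knows what the replacement types should express.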
diff --git a/src/mint/mint.h b/src/mint/mint.h index 010ff4d5f..bf8dfcfd3 100644 --- a/src/mint/mint.h +++ b/src/mint/mint.h | |||
@@ -179,10 +179,10 @@ struct RefreshCommitLink | |||
179 | struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub; | 179 | struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub; |
180 | 180 | ||
181 | /** | 181 | /** |
182 | * FIXME: this can't be exactly the shared secret, must | 182 | * FIXME: this is the encrypted shared secret, should use |
183 | * be a commitment to it or something. | 183 | * a different type... |
184 | */ | 184 | */ |
185 | struct GNUNET_HashCode shared_secret; | 185 | struct GNUNET_HashCode shared_secret_enc; |
186 | }; | 186 | }; |
187 | 187 | ||
188 | 188 | ||
diff --git a/src/mint/mint_db.c b/src/mint/mint_db.c index 2b0ebc955..f6fff7e5c 100644 --- a/src/mint/mint_db.c +++ b/src/mint/mint_db.c | |||
@@ -1172,7 +1172,7 @@ TALER_MINT_DB_insert_refresh_commit_link (PGconn *db_conn, | |||
1172 | TALER_DB_QUERY_PARAM_PTR(&commit_link->transfer_pub), | 1172 | TALER_DB_QUERY_PARAM_PTR(&commit_link->transfer_pub), |
1173 | TALER_DB_QUERY_PARAM_PTR(&cnc_index_nbo), | 1173 | TALER_DB_QUERY_PARAM_PTR(&cnc_index_nbo), |
1174 | TALER_DB_QUERY_PARAM_PTR(&oldcoin_index_nbo), | 1174 | TALER_DB_QUERY_PARAM_PTR(&oldcoin_index_nbo), |
1175 | TALER_DB_QUERY_PARAM_PTR(&commit_link->shared_secret), | 1175 | TALER_DB_QUERY_PARAM_PTR(&commit_link->shared_secret_enc), |
1176 | TALER_DB_QUERY_PARAM_END | 1176 | TALER_DB_QUERY_PARAM_END |
1177 | }; | 1177 | }; |
1178 | 1178 | ||
@@ -1232,7 +1232,7 @@ TALER_MINT_DB_get_refresh_commit_link (PGconn *db_conn, | |||
1232 | 1232 | ||
1233 | struct TALER_DB_ResultSpec rs[] = { | 1233 | struct TALER_DB_ResultSpec rs[] = { |
1234 | TALER_DB_RESULT_SPEC("transfer_pub", &cc->transfer_pub), | 1234 | TALER_DB_RESULT_SPEC("transfer_pub", &cc->transfer_pub), |
1235 | TALER_DB_RESULT_SPEC("link_secret_enc", &cc->shared_secret), | 1235 | TALER_DB_RESULT_SPEC("link_secret_enc", &cc->shared_secret_enc), |
1236 | TALER_DB_RESULT_SPEC_END | 1236 | TALER_DB_RESULT_SPEC_END |
1237 | }; | 1237 | }; |
1238 | 1238 | ||
diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c index 874ac72ee..ee2634ace 100644 --- a/src/mint/taler-mint-httpd_db.c +++ b/src/mint/taler-mint-httpd_db.c | |||
@@ -953,10 +953,10 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, | |||
953 | return MHD_NO; | 953 | return MHD_NO; |
954 | } | 954 | } |
955 | 955 | ||
956 | if (0 >= TALER_refresh_decrypt (commit_link.shared_secret_enc, | 956 | if (GNUNET_OK != |
957 | TALER_REFRESH_SHARED_SECRET_LENGTH, | 957 | TALER_transfer_decrypt (&commit_link.shared_secret_enc, |
958 | &transfer_secret, | 958 | &transfer_secret, |
959 | &shared_secret)) | 959 | &shared_secret)) |
960 | { | 960 | { |
961 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 961 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
962 | "decryption failed\n"); | 962 | "decryption failed\n"); |
@@ -1001,16 +1001,14 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, | |||
1001 | for (j = 0; j < refresh_session.num_newcoins; j++) | 1001 | for (j = 0; j < refresh_session.num_newcoins; j++) |
1002 | { | 1002 | { |
1003 | struct RefreshCommitCoin commit_coin; | 1003 | struct RefreshCommitCoin commit_coin; |
1004 | struct LinkData link_data; | 1004 | struct TALER_RefreshLinkDecrypted *link_data; |
1005 | // struct BlindedSignaturePurpose *coin_ev_check; | 1005 | // struct BlindedSignaturePurpose *coin_ev_check; |
1006 | struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub; | 1006 | struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub; |
1007 | struct GNUNET_CRYPTO_rsa_BlindingKey *bkey; | ||
1008 | struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub; | 1007 | struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub; |
1009 | struct GNUNET_HashCode h_msg; | 1008 | struct GNUNET_HashCode h_msg; |
1010 | char *buf; | 1009 | char *buf; |
1011 | size_t buf_len; | 1010 | size_t buf_len; |
1012 | 1011 | ||
1013 | bkey = NULL; | ||
1014 | res = TALER_MINT_DB_get_refresh_commit_coin (db_conn, | 1012 | res = TALER_MINT_DB_get_refresh_commit_coin (db_conn, |
1015 | refresh_session_pub, | 1013 | refresh_session_pub, |
1016 | i+off, j, | 1014 | i+off, j, |
@@ -1022,11 +1020,9 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, | |||
1022 | return MHD_NO; | 1020 | return MHD_NO; |
1023 | } | 1021 | } |
1024 | 1022 | ||
1025 | 1023 | link_data = TALER_refresh_decrypt (commit_coin.refresh_link, | |
1026 | if (0 >= TALER_refresh_decrypt (commit_coin.link_enc, | 1024 | &last_shared_secret); |
1027 | sizeof (struct LinkData), | 1025 | if (NULL == link_data) |
1028 | &last_shared_secret, | ||
1029 | &link_data)) | ||
1030 | { | 1026 | { |
1031 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | 1027 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, |
1032 | "decryption failed\n"); | 1028 | "decryption failed\n"); |
@@ -1034,16 +1030,8 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, | |||
1034 | return MHD_NO; | 1030 | return MHD_NO; |
1035 | } | 1031 | } |
1036 | 1032 | ||
1037 | GNUNET_CRYPTO_ecdsa_key_get_public (&link_data.coin_priv, | 1033 | GNUNET_CRYPTO_ecdsa_key_get_public (&link_data->coin_priv, |
1038 | &coin_pub); | 1034 | &coin_pub); |
1039 | if (NULL == (bkey = GNUNET_CRYPTO_rsa_blinding_key_decode (link_data.bkey_enc, | ||
1040 | link_data.bkey_enc_size))) | ||
1041 | { | ||
1042 | GNUNET_log (GNUNET_ERROR_TYPE_ERROR, | ||
1043 | "Invalid blinding key\n"); | ||
1044 | // FIXME: return error code! | ||
1045 | return MHD_NO; | ||
1046 | } | ||
1047 | denom_pub = TALER_MINT_DB_get_refresh_order (db_conn, | 1035 | denom_pub = TALER_MINT_DB_get_refresh_order (db_conn, |
1048 | j, | 1036 | j, |
1049 | refresh_session_pub); | 1037 | refresh_session_pub); |
@@ -1060,7 +1048,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, | |||
1060 | &h_msg); | 1048 | &h_msg); |
1061 | if (0 == (buf_len = | 1049 | if (0 == (buf_len = |
1062 | GNUNET_CRYPTO_rsa_blind (&h_msg, | 1050 | GNUNET_CRYPTO_rsa_blind (&h_msg, |
1063 | bkey, | 1051 | link_data->blinding_key, |
1064 | denom_pub, | 1052 | denom_pub, |
1065 | &buf))) | 1053 | &buf))) |
1066 | { | 1054 | { |
@@ -1133,7 +1121,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, | |||
1133 | } | 1121 | } |
1134 | ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv, | 1122 | ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv, |
1135 | commit_coin.coin_ev, | 1123 | commit_coin.coin_ev, |
1136 | commit_coin.coin_ev_len); | 1124 | commit_coin.coin_ev_size); |
1137 | if (NULL == ev_sig) | 1125 | if (NULL == ev_sig) |
1138 | { | 1126 | { |
1139 | GNUNET_break (0); | 1127 | GNUNET_break (0); |
@@ -1182,7 +1170,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection, | |||
1182 | */ | 1170 | */ |
1183 | static int | 1171 | static int |
1184 | link_iter (void *cls, | 1172 | link_iter (void *cls, |
1185 | const struct LinkDataEnc *link_data_enc, | 1173 | const struct TALER_RefreshLinkEncrypted *link_data_enc, |
1186 | const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub, | 1174 | const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub, |
1187 | const struct GNUNET_CRYPTO_rsa_Signature *ev_sig) | 1175 | const struct GNUNET_CRYPTO_rsa_Signature *ev_sig) |
1188 | { | 1176 | { |
@@ -1195,8 +1183,9 @@ link_iter (void *cls, | |||
1195 | json_array_append_new (list, obj); | 1183 | json_array_append_new (list, obj); |
1196 | 1184 | ||
1197 | json_object_set_new (obj, "link_enc", | 1185 | json_object_set_new (obj, "link_enc", |
1198 | TALER_JSON_from_data (link_data_enc, | 1186 | TALER_JSON_from_data (link_data_enc->coin_priv_enc, |
1199 | sizeof (struct LinkDataEnc))); | 1187 | sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey) + |
1188 | link_data_enc->blinding_key_enc_size)); | ||
1200 | 1189 | ||
1201 | buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub, | 1190 | buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub, |
1202 | &buf); | 1191 | &buf); |
@@ -1231,7 +1220,7 @@ TALER_MINT_db_execute_refresh_link (struct MHD_Connection *connection, | |||
1231 | json_t *list; | 1220 | json_t *list; |
1232 | PGconn *db_conn; | 1221 | PGconn *db_conn; |
1233 | struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub; | 1222 | struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub; |
1234 | struct SharedSecretEnc shared_secret_enc; | 1223 | struct GNUNET_HashCode shared_secret_enc; |
1235 | 1224 | ||
1236 | if (NULL == (db_conn = TALER_MINT_DB_get_connection ())) | 1225 | if (NULL == (db_conn = TALER_MINT_DB_get_connection ())) |
1237 | { | 1226 | { |
@@ -1287,7 +1276,7 @@ TALER_MINT_db_execute_refresh_link (struct MHD_Connection *connection, | |||
1287 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey))); | 1276 | sizeof (struct GNUNET_CRYPTO_EddsaPublicKey))); |
1288 | json_object_set_new (root, "secret_enc", | 1277 | json_object_set_new (root, "secret_enc", |
1289 | TALER_JSON_from_data (&shared_secret_enc, | 1278 | TALER_JSON_from_data (&shared_secret_enc, |
1290 | sizeof (struct SharedSecretEnc))); | 1279 | sizeof (struct GNUNET_HashCode))); |
1291 | return TALER_MINT_reply_json (connection, | 1280 | return TALER_MINT_reply_json (connection, |
1292 | root, | 1281 | root, |
1293 | MHD_HTTP_OK); | 1282 | MHD_HTTP_OK); |
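Review bot: `link_data`, obtained from TALER_refresh_decrypt at new line 1023, is never released on any path visible in these hunks, although it is acquired once per new coin inside the `for (j ...)` loop and holds the decrypted `coin_priv` and `blinding_key`. Unless the release happens outside the shown hunks, every iteration leaks an allocation containing private key material, and the error returns after line 1023 (the `return MHD_NO` following the rsa_blind failure at new line 1054, for instance) leak it as well; the old code had a stack `struct LinkData` plus an explicit `bkey`, so no such cleanup existed before. Whatever destructor pairs with TALER_refresh_decrypt (a free of the struct together with GNUNET_CRYPTO_rsa_blinding_key_free for `blinding_key`, presumably) should run at the end of each iteration and before every error return after the decrypt, ideally zeroing `coin_priv` first. Separately, the length handed to TALER_JSON_from_data at new lines 1186–1188 assumes the blinding-key ciphertext is stored contiguously after `coin_priv_enc`; if `struct TALER_RefreshLinkEncrypted` keeps it behind a pointer instead, this reads past the field. TALER_MINT_db_execute_refresh_reveal starts and ends outside the hunks.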
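--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -84,6 +84,33 @@ derive_refresh_key (const struct GNUNET_HashCode *secret,
 
 
 /**
+ * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
+ * to obtain the @a secret to decrypt the linkage data.
+ *
+ * @param secret_enc encrypted secret (FIXME: use different type!)
+ * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param secret shared secret for refresh link decryption
+ *               (FIXME: use different type?)
+ * @return #GNUNET_OK on success
+ */
+int
+TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
+                        const struct GNUNET_HashCode *trans_sec,
+                        struct GNUNET_HashCode *secret)
+{
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+
+  derive_refresh_key (trans_sec, &iv, &skey);
+  return GNUNET_CRYPTO_symmetric_decrypt (secret_enc,
+                                          sizeof (struct GNUNET_HashCode),
+                                          &skey,
+                                          &iv,
+                                          secret);
+}
+
+
+/**
  * Decrypt refresh link information.
  *
  * @param input encrypted refresh link data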
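Review bot: TALER_transfer_decrypt (new lines 96–110) returns the raw result of GNUNET_CRYPTO_symmetric_decrypt, which as far as I recall yields the number of decrypted bytes (here sizeof (struct GNUNET_HashCode)) or -1 on failure — not #GNUNET_OK as the doc comment above it promises and as the new caller in taler-mint-httpd_db.c (`GNUNET_OK != TALER_transfer_decrypt (...)`) expects, so a successful decryption would be logged as "decryption failed" and the refresh rejected. The call site this replaces compared the old result against 0 for exactly that reason. Map the byte count to the documented status inside the function so the header contract holds; treating a short result as failure rather than success is the safe direction for key material.
```c
  derive_refresh_key (trans_sec, &iv, &skey);
  if (sizeof (struct GNUNET_HashCode) !=
      GNUNET_CRYPTO_symmetric_decrypt (secret_enc,
                                       sizeof (struct GNUNET_HashCode),
                                       &skey,
                                       &iv,
                                       secret))
    return GNUNET_SYSERR;
  return GNUNET_OK;
```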