authorChristian Grothoff <christian@grothoff.org>2015-01-27 18:49:02 +0100
committerChristian Grothoff <christian@grothoff.org>2015-01-27 18:49:02 +0100
commit019af0919e3fbe2f831f92728fd95eb7ea505da9 (patch)
tree6b2b79d6462001b1c66f25d5dbff07d27753df43
parentc3731d0df7e03561c7da777b5f75ba53206a38b5 (diff)
mint-httpd_db.c now compiles again
-rw-r--r--src/include/taler_util.h16
-rw-r--r--src/mint/mint.h6
-rw-r--r--src/mint/mint_db.c4
-rw-r--r--src/mint/taler-mint-httpd_db.c45
-rw-r--r--src/util/crypto.c27
5 files changed, 65 insertions, 33 deletions
diff --git a/src/include/taler_util.h b/src/include/taler_util.h
index 3c901b3fa..db6f22e68 100644
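--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -285,6 +285,22 @@ struct TALER_RefreshLinkDecrypted
 
 
 /**
+ * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
+ * to obtain the @a secret to decrypt the linkage data.
+ *
+ * @param secret_enc encrypted secret (FIXME: use different type!)
+ * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param secret shared secret for refresh link decryption
+ * (FIXME: use different type?)
+ * @return #GNUNET_OK on success
+ */
+int
+TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
+ const struct GNUNET_HashCode *trans_sec,
+ struct GNUNET_HashCode *secret);
+
+
+/**
  * Decrypt refresh link information.
  *
  * @param input encrypted refresh link data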
diff --git a/src/mint/mint.h b/src/mint/mint.h
index 010ff4d5f..bf8dfcfd3 100644
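--- a/src/mint/mint.h
+++ b/src/mint/mint.h
@@ -179,10 +179,10 @@ struct RefreshCommitLink
  struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub;
 
  /**
- * FIXME: this can't be exactly the shared secret, must
- * be a commitment to it or something.
+ * FIXME: this is the encrypted shared secret, should use
+ * a different type...
  */
- struct GNUNET_HashCode shared_secret;
+ struct GNUNET_HashCode shared_secret_enc;
 };
 
 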
diff --git a/src/mint/mint_db.c b/src/mint/mint_db.c
index 2b0ebc955..f6fff7e5c 100644
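--- a/src/mint/mint_db.c
+++ b/src/mint/mint_db.c
@@ -1172,7 +1172,7 @@ TALER_MINT_DB_insert_refresh_commit_link (PGconn *db_conn,
  TALER_DB_QUERY_PARAM_PTR(&commit_link->transfer_pub),
  TALER_DB_QUERY_PARAM_PTR(&cnc_index_nbo),
  TALER_DB_QUERY_PARAM_PTR(&oldcoin_index_nbo),
- TALER_DB_QUERY_PARAM_PTR(&commit_link->shared_secret),
+ TALER_DB_QUERY_PARAM_PTR(&commit_link->shared_secret_enc),
  TALER_DB_QUERY_PARAM_END
  };
 
@@ -1232,7 +1232,7 @@ TALER_MINT_DB_get_refresh_commit_link (PGconn *db_conn,
 
  struct TALER_DB_ResultSpec rs[] = {
  TALER_DB_RESULT_SPEC("transfer_pub", &cc->transfer_pub),
- TALER_DB_RESULT_SPEC("link_secret_enc", &cc->shared_secret),
+ TALER_DB_RESULT_SPEC("link_secret_enc", &cc->shared_secret_enc),
  TALER_DB_RESULT_SPEC_END
  };
 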
diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c
index 874ac72ee..ee2634ace 100644
--- a/src/mint/taler-mint-httpd_db.c
+++ b/src/mint/taler-mint-httpd_db.c
@@ -953,10 +953,10 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
953 return MHD_NO; 953 return MHD_NO;
954 } 954 }
955 955
956 if (0 >= TALER_refresh_decrypt (commit_link.shared_secret_enc, 956 if (GNUNET_OK !=
957 TALER_REFRESH_SHARED_SECRET_LENGTH, 957 TALER_transfer_decrypt (&commit_link.shared_secret_enc,
958 &transfer_secret, 958 &transfer_secret,
959 &shared_secret)) 959 &shared_secret))
960 { 960 {
961 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 961 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
962 "decryption failed\n"); 962 "decryption failed\n");
@@ -1001,16 +1001,14 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1001 for (j = 0; j < refresh_session.num_newcoins; j++) 1001 for (j = 0; j < refresh_session.num_newcoins; j++)
1002 { 1002 {
1003 struct RefreshCommitCoin commit_coin; 1003 struct RefreshCommitCoin commit_coin;
1004 struct LinkData link_data; 1004 struct TALER_RefreshLinkDecrypted *link_data;
1005 // struct BlindedSignaturePurpose *coin_ev_check; 1005 // struct BlindedSignaturePurpose *coin_ev_check;
1006 struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub; 1006 struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
1007 struct GNUNET_CRYPTO_rsa_BlindingKey *bkey;
1008 struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub; 1007 struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub;
1009 struct GNUNET_HashCode h_msg; 1008 struct GNUNET_HashCode h_msg;
1010 char *buf; 1009 char *buf;
1011 size_t buf_len; 1010 size_t buf_len;
1012 1011
1013 bkey = NULL;
1014 res = TALER_MINT_DB_get_refresh_commit_coin (db_conn, 1012 res = TALER_MINT_DB_get_refresh_commit_coin (db_conn,
1015 refresh_session_pub, 1013 refresh_session_pub,
1016 i+off, j, 1014 i+off, j,
@@ -1022,11 +1020,9 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1022 return MHD_NO; 1020 return MHD_NO;
1023 } 1021 }
1024 1022
1025 1023 link_data = TALER_refresh_decrypt (commit_coin.refresh_link,
1026 if (0 >= TALER_refresh_decrypt (commit_coin.link_enc, 1024 &last_shared_secret);
1027 sizeof (struct LinkData), 1025 if (NULL == link_data)
1028 &last_shared_secret,
1029 &link_data))
1030 { 1026 {
1031 GNUNET_log (GNUNET_ERROR_TYPE_ERROR, 1027 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1032 "decryption failed\n"); 1028 "decryption failed\n");
@@ -1034,16 +1030,8 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1034 return MHD_NO; 1030 return MHD_NO;
1035 } 1031 }
1036 1032
1037 GNUNET_CRYPTO_ecdsa_key_get_public (&link_data.coin_priv, 1033 GNUNET_CRYPTO_ecdsa_key_get_public (&link_data->coin_priv,
1038 &coin_pub); 1034 &coin_pub);
1039 if (NULL == (bkey = GNUNET_CRYPTO_rsa_blinding_key_decode (link_data.bkey_enc,
1040 link_data.bkey_enc_size)))
1041 {
1042 GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
1043 "Invalid blinding key\n");
1044 // FIXME: return error code!
1045 return MHD_NO;
1046 }
1047 denom_pub = TALER_MINT_DB_get_refresh_order (db_conn, 1035 denom_pub = TALER_MINT_DB_get_refresh_order (db_conn,
1048 j, 1036 j,
1049 refresh_session_pub); 1037 refresh_session_pub);
@@ -1060,7 +1048,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1060 &h_msg); 1048 &h_msg);
1061 if (0 == (buf_len = 1049 if (0 == (buf_len =
1062 GNUNET_CRYPTO_rsa_blind (&h_msg, 1050 GNUNET_CRYPTO_rsa_blind (&h_msg,
1063 bkey, 1051 link_data->blinding_key,
1064 denom_pub, 1052 denom_pub,
1065 &buf))) 1053 &buf)))
1066 { 1054 {
@@ -1133,7 +1121,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1133 } 1121 }
1134 ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv, 1122 ev_sig = GNUNET_CRYPTO_rsa_sign (dki->denom_priv,
1135 commit_coin.coin_ev, 1123 commit_coin.coin_ev,
1136 commit_coin.coin_ev_len); 1124 commit_coin.coin_ev_size);
1137 if (NULL == ev_sig) 1125 if (NULL == ev_sig)
1138 { 1126 {
1139 GNUNET_break (0); 1127 GNUNET_break (0);
@@ -1182,7 +1170,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
1182 */ 1170 */
1183static int 1171static int
1184link_iter (void *cls, 1172link_iter (void *cls,
1185 const struct LinkDataEnc *link_data_enc, 1173 const struct TALER_RefreshLinkEncrypted *link_data_enc,
1186 const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub, 1174 const struct GNUNET_CRYPTO_rsa_PublicKey *denom_pub,
1187 const struct GNUNET_CRYPTO_rsa_Signature *ev_sig) 1175 const struct GNUNET_CRYPTO_rsa_Signature *ev_sig)
1188{ 1176{
@@ -1195,8 +1183,9 @@ link_iter (void *cls,
1195 json_array_append_new (list, obj); 1183 json_array_append_new (list, obj);
1196 1184
1197 json_object_set_new (obj, "link_enc", 1185 json_object_set_new (obj, "link_enc",
1198 TALER_JSON_from_data (link_data_enc, 1186 TALER_JSON_from_data (link_data_enc->coin_priv_enc,
1199 sizeof (struct LinkDataEnc))); 1187 sizeof (struct GNUNET_CRYPTO_EcdsaPrivateKey) +
1188 link_data_enc->blinding_key_enc_size));
1200 1189
1201 buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub, 1190 buf_len = GNUNET_CRYPTO_rsa_public_key_encode (denom_pub,
1202 &buf); 1191 &buf);
@@ -1231,7 +1220,7 @@ TALER_MINT_db_execute_refresh_link (struct MHD_Connection *connection,
1231 json_t *list; 1220 json_t *list;
1232 PGconn *db_conn; 1221 PGconn *db_conn;
1233 struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub; 1222 struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub;
1234 struct SharedSecretEnc shared_secret_enc; 1223 struct GNUNET_HashCode shared_secret_enc;
1235 1224
1236 if (NULL == (db_conn = TALER_MINT_DB_get_connection ())) 1225 if (NULL == (db_conn = TALER_MINT_DB_get_connection ()))
1237 { 1226 {
@@ -1287,7 +1276,7 @@ TALER_MINT_db_execute_refresh_link (struct MHD_Connection *connection,
1287 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey))); 1276 sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)));
1288 json_object_set_new (root, "secret_enc", 1277 json_object_set_new (root, "secret_enc",
1289 TALER_JSON_from_data (&shared_secret_enc, 1278 TALER_JSON_from_data (&shared_secret_enc,
1290 sizeof (struct SharedSecretEnc))); 1279 sizeof (struct GNUNET_HashCode)));
1291 return TALER_MINT_reply_json (connection, 1280 return TALER_MINT_reply_json (connection,
1292 root, 1281 root,
1293 MHD_HTTP_OK); 1282 MHD_HTTP_OK);
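Review bot: In the per-coin loop of TALER_MINT_db_execute_refresh_reveal, `link_data` is now a pointer returned by TALER_refresh_decrypt and it carries `coin_priv` and `blinding_key`, yet none of the visible hunks releases it. If the object is heap-allocated (the NULL-on-failure return suggests so), each iteration and any later error return inside the loop would leave a decrypted coin private key in memory. I would release it as soon as the blinded envelope has been recomputed and on each error exit, and record that at the declaration, e.g. `/* owned by this iteration; holds coin_priv, must be released on every exit */`. The function body continues outside the hunks, so the release may already exist in lines not shown.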
diff --git a/src/util/crypto.c b/src/util/crypto.c
index b4a4a718b..930c43a7f 100644
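--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -84,6 +84,33 @@ derive_refresh_key (const struct GNUNET_HashCode *secret,
 
 
 /**
+ * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
+ * to obtain the @a secret to decrypt the linkage data.
+ *
+ * @param secret_enc encrypted secret (FIXME: use different type!)
+ * @param trans_sec transfer secret (FIXME: use different type?)
+ * @param secret shared secret for refresh link decryption
+ * (FIXME: use different type?)
+ * @return #GNUNET_OK on success
+ */
+int
+TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
+ const struct GNUNET_HashCode *trans_sec,
+ struct GNUNET_HashCode *secret)
+{
+ struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+ struct GNUNET_CRYPTO_SymmetricSessionKey skey;
+
+ derive_refresh_key (trans_sec, &iv, &skey);
+ return GNUNET_CRYPTO_symmetric_decrypt (secret_enc,
+ sizeof (struct GNUNET_HashCode),
+ &skey,
+ &iv,
+ secret);
+}
+
+
+/**
  * Decrypt refresh link information.
  *
  * @param input encrypted refresh link data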
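Review bot: The new TALER_transfer_decrypt returns the result of GNUNET_CRYPTO_symmetric_decrypt unchanged, but that function reports the number of bytes decrypted (or -1 on error), not a GNUNET_OK/GNUNET_SYSERR status, so the documented `@return #GNUNET_OK on success` does not hold. The caller changed in src/mint/taler-mint-httpd_db.c tests `GNUNET_OK != TALER_transfer_decrypt (...)`, which would then log "decryption failed" and reject the reveal even when decryption succeeded. I would map the result explicitly: `if (sizeof (struct GNUNET_HashCode) != GNUNET_CRYPTO_symmetric_decrypt (secret_enc, sizeof (struct GNUNET_HashCode), &skey, &iv, secret)) return GNUNET_SYSERR;` followed by `return GNUNET_OK;`. The same doc comment is added in src/include/taler_util.h and should also name the failure value. Separately, `skey` and `iv` are derived from the transfer secret and stay on the stack after return; clearing them before returning would be a cheap hardening step.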