author | Christian Grothoff <christian@grothoff.org> | 2015-01-27 22:01:08 +0100 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2015-01-27 22:01:08 +0100 |
commit | 27a72fdafe67bcba304e274e839a2780009bd8da (patch) | |
tree | 68ce5ae2af5083bb51b37643100ba1be09c5d5bf | |
parent | 426f05adbd6320c335248f9b40da881efae31ad3 (diff) | |
download | exchange-27a72fdafe67bcba304e274e839a2780009bd8da.tar.gz exchange-27a72fdafe67bcba304e274e839a2780009bd8da.zip |
cleaning up types used
-rw-r--r-- | src/include/taler_util.h | 47 | ||||
-rw-r--r-- | src/mint/mint.h | 5 | ||||
-rw-r--r-- | src/mint/taler-mint-httpd_db.c | 4 | ||||
-rw-r--r-- | src/util/crypto.c | 106 |
4 files changed, 134 insertions, 28 deletions
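--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -241,6 +241,30 @@ TALER_data_to_string_alloc (const void *buf,
 /* ****************** Refresh crypto primitives ************* */
 
 /**
+* Secret used to decrypt refresh links.
+*/
+struct TALER_LinkSecret
+{
+/**
+* Secret used to decrypt the refresh link data.
+*/
+char key[sizeof (struct GNUNET_HashCode)];
+};
+
+
+/**
+* Encrypted secret used to decrypt refresh links.
+*/
+struct TALER_EncryptedLinkSecret
+{
+/**
+* Encrypted secret, must be the given size!
+*/
+char enc[sizeof (struct TALER_LinkSecret)];
+};
+
+
+/**
 * Representation of an encrypted refresh link.
 */
 struct TALER_RefreshLinkEncrypted
@@ -295,9 +319,24 @@ struct TALER_RefreshLinkDecrypted
 * @return #GNUNET_OK on success
 */
 int
-TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
+TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc,
+const struct GNUNET_HashCode *trans_sec,
+struct TALER_LinkSecret *secret);
+
+
+/**
+* Use the @a trans_sec (from ECDHE) to encrypt the @a secret
+* to obtain the @a secret_enc.
+*
+* @param secret shared secret for refresh link decryption
+* @param trans_sec transfer secret (FIXME: use different type?)
+* @param secret_enc[out] encrypted secret
+* @return #GNUNET_OK on success
+*/
+int
+TALER_transfer_encrypt (const struct TALER_LinkSecret *secret,
 const struct GNUNET_HashCode *trans_sec,
-struct GNUNET_HashCode *secret);
+struct TALER_EncryptedLinkSecret *secret_enc);
 
 
 /**
@@ -309,7 +348,7 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
 */
 struct TALER_RefreshLinkDecrypted *
 TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
-const struct GNUNET_HashCode *secret);
+const struct TALER_LinkSecret *secret);
 
 
 /**
@@ -321,7 +360,7 @@ TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
 */
 struct TALER_RefreshLinkEncrypted *
 TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input,
-const struct GNUNET_HashCode *secret);
+const struct TALER_LinkSecret *secret);
 
 
 #endif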
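Review bot: The doc comment added for `TALER_transfer_encrypt` puts the direction tag after the parameter name, `@param secret_enc[out] encrypted secret`; Doxygen expects `@param[out] secret_enc encrypted secret`, the form crypto.c already uses for `derive_refresh_key`. The same line is repeated on the definition in src/util/crypto.c. The `secret` parameter of `TALER_transfer_decrypt` is also an output and could carry `[out]`, though its comment starts outside this hunk. `trans_sec` is still a bare `struct GNUNET_HashCode` in both prototypes, so the compiler cannot yet catch a transfer secret being swapped with some other hash; a wrapper struct in the style of `struct TALER_LinkSecret` would close the remaining FIXME.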
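--- a/src/mint/mint.h
+++ b/src/mint/mint.h
@@ -179,10 +179,9 @@ struct RefreshCommitLink
 struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub;
 
 /**
-* FIXME: this is the encrypted shared secret, should use
-* a different type...
+* Encrypted shared secret to decrypt the link.
 */
-struct GNUNET_HashCode shared_secret_enc;
+struct TALER_EncryptedLinkSecret shared_secret_enc;
 };
 
 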
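--- a/src/mint/taler-mint-httpd_db.c
+++ b/src/mint/taler-mint-httpd_db.c
@@ -908,7 +908,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
 off = 0;
 for (i = 0; i < refresh_session.kappa - 1; i++)
 {
-struct GNUNET_HashCode last_shared_secret;
+struct TALER_LinkSecret last_shared_secret;
 int secret_initialized = GNUNET_NO;
 
 if (i == refresh_session.noreveal_index)
@@ -919,7 +919,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
 struct RefreshCommitLink commit_link;
 struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
 struct GNUNET_HashCode transfer_secret;
-struct GNUNET_HashCode shared_secret;
+struct TALER_LinkSecret shared_secret;
 
 res = TALER_MINT_DB_get_refresh_commit_link (db_conn,
 refresh_session_pub,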
diff --git a/src/util/crypto.c b/src/util/crypto.c index 930c43a7f..65c586d75 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c | |||
@@ -30,24 +30,34 @@ | |||
30 | 30 | ||
31 | #define CURVE "Ed25519" | 31 | #define CURVE "Ed25519" |
32 | 32 | ||
33 | 33 | /** | |
34 | * Function called by libgcrypt on serious errors. | ||
35 | * Prints an error message and aborts the process. | ||
36 | * | ||
37 | * @param cls NULL | ||
38 | * @param wtf unknown | ||
39 | * @param msg error message | ||
40 | */ | ||
34 | static void | 41 | static void |
35 | fatal_error_handler (void *cls, int wtf, const char *msg) | 42 | fatal_error_handler (void *cls, |
43 | int wtf, | ||
44 | const char *msg) | ||
36 | { | 45 | { |
37 | LOG_ERROR("Fatal error in Gcrypt: %s\n", msg); | 46 | LOG_ERROR ("Fatal error in libgcrypt: %s\n", |
47 | msg); | ||
38 | abort(); | 48 | abort(); |
39 | } | 49 | } |
40 | 50 | ||
41 | 51 | ||
42 | /** | 52 | /** |
43 | * Initialize Gcrypt library. | 53 | * Initialize libgcrypt. |
44 | */ | 54 | */ |
45 | void | 55 | void |
46 | TALER_gcrypt_init() | 56 | TALER_gcrypt_init () |
47 | { | 57 | { |
48 | gcry_set_fatalerror_handler (&fatal_error_handler, NULL); | 58 | gcry_set_fatalerror_handler (&fatal_error_handler, NULL); |
49 | TALER_assert_as(gcry_check_version(NEED_LIBGCRYPT_VERSION), | 59 | TALER_assert_as (gcry_check_version (NEED_LIBGCRYPT_VERSION), |
50 | "libgcrypt version mismatch"); | 60 | "libgcrypt version mismatch"); |
51 | /* Disable secure memory. */ | 61 | /* Disable secure memory. */ |
52 | gcry_control (GCRYCTL_DISABLE_SECMEM, 0); | 62 | gcry_control (GCRYCTL_DISABLE_SECMEM, 0); |
53 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); | 63 | gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); |
@@ -56,19 +66,48 @@ TALER_gcrypt_init() | |||
56 | 66 | ||
57 | /** | 67 | /** |
58 | * Derive symmetric key material for refresh operations from | 68 | * Derive symmetric key material for refresh operations from |
59 | * a given shared secret. | 69 | * a given shared secret for link decryption. |
60 | * | 70 | * |
61 | * @param secret the shared secret | 71 | * @param secret the shared secret |
62 | * @param[out] iv set to initialization vector | 72 | * @param[out] iv set to initialization vector |
63 | * @param[out] skey set to session key | 73 | * @param[out] skey set to session key |
64 | */ | 74 | */ |
65 | static void | 75 | static void |
66 | derive_refresh_key (const struct GNUNET_HashCode *secret, | 76 | derive_refresh_key (const struct TALER_LinkSecret *secret, |
67 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | 77 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, |
68 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) | 78 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) |
69 | { | 79 | { |
70 | static const char ctx_key[] = "taler-key-skey"; | 80 | static const char ctx_key[] = "taler-link-skey"; |
71 | static const char ctx_iv[] = "taler-key-iv"; | 81 | static const char ctx_iv[] = "taler-link-iv"; |
82 | |||
83 | GNUNET_assert (GNUNET_YES == | ||
84 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | ||
85 | ctx_key, strlen (ctx_key), | ||
86 | secret, sizeof (struct TALER_LinkSecret), | ||
87 | NULL, 0)); | ||
88 | GNUNET_assert (GNUNET_YES == | ||
89 | GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector), | ||
90 | ctx_iv, strlen (ctx_iv), | ||
91 | secret, sizeof (struct TALER_LinkSecret), | ||
92 | NULL, 0)); | ||
93 | } | ||
94 | |||
95 | |||
96 | /** | ||
97 | * Derive symmetric key material for refresh operations from | ||
98 | * a given shared secret for key decryption. | ||
99 | * | ||
100 | * @param secret the shared secret | ||
101 | * @param[out] iv set to initialization vector | ||
102 | * @param[out] skey set to session key | ||
103 | */ | ||
104 | static void | ||
105 | derive_transfer_key (const struct GNUNET_HashCode *secret, | ||
106 | struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, | ||
107 | struct GNUNET_CRYPTO_SymmetricSessionKey *skey) | ||
108 | { | ||
109 | static const char ctx_key[] = "taler-transfer-skey"; | ||
110 | static const char ctx_iv[] = "taler-transfer-iv"; | ||
72 | 111 | ||
73 | GNUNET_assert (GNUNET_YES == | 112 | GNUNET_assert (GNUNET_YES == |
74 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), | 113 | GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), |
@@ -87,23 +126,24 @@ derive_refresh_key (const struct GNUNET_HashCode *secret, | |||
87 | * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc | 126 | * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc |
88 | * to obtain the @a secret to decrypt the linkage data. | 127 | * to obtain the @a secret to decrypt the linkage data. |
89 | * | 128 | * |
90 | * @param secret_enc encrypted secret (FIXME: use different type!) | 129 | * @param secret_enc encrypted secret |
91 | * @param trans_sec transfer secret (FIXME: use different type?) | 130 | * @param trans_sec transfer secret (FIXME: use different type?) |
92 | * @param secret shared secret for refresh link decryption | 131 | * @param secret shared secret for refresh link decryption |
93 | * (FIXME: use different type?) | ||
94 | * @return #GNUNET_OK on success | 132 | * @return #GNUNET_OK on success |
95 | */ | 133 | */ |
96 | int | 134 | int |
97 | TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc, | 135 | TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc, |
98 | const struct GNUNET_HashCode *trans_sec, | 136 | const struct GNUNET_HashCode *trans_sec, |
99 | struct GNUNET_HashCode *secret) | 137 | struct TALER_LinkSecret *secret) |
100 | { | 138 | { |
101 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 139 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
102 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | 140 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; |
103 | 141 | ||
104 | derive_refresh_key (trans_sec, &iv, &skey); | 142 | GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) == |
143 | sizeof (struct TALER_LinkSecret)); | ||
144 | derive_transfer_key (trans_sec, &iv, &skey); | ||
105 | return GNUNET_CRYPTO_symmetric_decrypt (secret_enc, | 145 | return GNUNET_CRYPTO_symmetric_decrypt (secret_enc, |
106 | sizeof (struct GNUNET_HashCode), | 146 | sizeof (struct TALER_LinkSecret), |
107 | &skey, | 147 | &skey, |
108 | &iv, | 148 | &iv, |
109 | secret); | 149 | secret); |
@@ -111,6 +151,34 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc, | |||
111 | 151 | ||
112 | 152 | ||
113 | /** | 153 | /** |
154 | * Use the @a trans_sec (from ECDHE) to encrypt the @a secret | ||
155 | * to obtain the @a secret_enc. | ||
156 | * | ||
157 | * @param secret shared secret for refresh link decryption | ||
158 | * @param trans_sec transfer secret (FIXME: use different type?) | ||
159 | * @param secret_enc[out] encrypted secret | ||
160 | * @return #GNUNET_OK on success | ||
161 | */ | ||
162 | int | ||
163 | TALER_transfer_encrypt (const struct TALER_LinkSecret *secret, | ||
164 | const struct GNUNET_HashCode *trans_sec, | ||
165 | struct TALER_EncryptedLinkSecret *secret_enc) | ||
166 | { | ||
167 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | ||
168 | struct GNUNET_CRYPTO_SymmetricSessionKey skey; | ||
169 | |||
170 | GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) == | ||
171 | sizeof (struct TALER_LinkSecret)); | ||
172 | derive_transfer_key (trans_sec, &iv, &skey); | ||
173 | return GNUNET_CRYPTO_symmetric_encrypt (secret, | ||
174 | sizeof (struct TALER_LinkSecret), | ||
175 | &skey, | ||
176 | &iv, | ||
177 | secret_enc); | ||
178 | } | ||
179 | |||
180 | |||
181 | /** | ||
114 | * Decrypt refresh link information. | 182 | * Decrypt refresh link information. |
115 | * | 183 | * |
116 | * @param input encrypted refresh link data | 184 | * @param input encrypted refresh link data |
@@ -119,7 +187,7 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc, | |||
119 | */ | 187 | */ |
120 | struct TALER_RefreshLinkDecrypted * | 188 | struct TALER_RefreshLinkDecrypted * |
121 | TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, | 189 | TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, |
122 | const struct GNUNET_HashCode *secret) | 190 | const struct TALER_LinkSecret *secret) |
123 | { | 191 | { |
124 | struct TALER_RefreshLinkDecrypted *ret; | 192 | struct TALER_RefreshLinkDecrypted *ret; |
125 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; | 193 | struct GNUNET_CRYPTO_SymmetricInitializationVector iv; |
@@ -162,7 +230,7 @@ TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, | |||
162 | */ | 230 | */ |
163 | struct TALER_RefreshLinkEncrypted * | 231 | struct TALER_RefreshLinkEncrypted * |
164 | TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input, | 232 | TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input, |
165 | const struct GNUNET_HashCode *secret) | 233 | const struct TALER_LinkSecret *secret) |
166 | { | 234 | { |
167 | char *b_buf; | 235 | char *b_buf; |
168 | size_t b_buf_size; | 236 | size_t b_buf_size; |
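Review bot: The new `TALER_transfer_encrypt` documents `@return #GNUNET_OK on success` but returns the result of `GNUNET_CRYPTO_symmetric_encrypt` directly, which in GNUnet's API is the number of bytes processed (or -1 on error), so a caller comparing against `GNUNET_OK` would reject a successful call; `TALER_transfer_decrypt` has the same shape. Mapping the length explicitly would match the documented contract: `return (sizeof (struct TALER_LinkSecret) == GNUNET_CRYPTO_symmetric_encrypt (secret, sizeof (struct TALER_LinkSecret), &skey, &iv, secret_enc)) ? GNUNET_OK : GNUNET_SYSERR;`. `derive_transfer_key` derives both the session key and the IV from `trans_sec` alone, so its comment should state that one transfer secret must encrypt at most one link secret. It should also say the ciphertext carries no integrity tag; decrypting with a wrong `trans_sec` presumably yields garbage rather than an error, which is worth confirming against the callers. The check `GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) == sizeof (struct TALER_LinkSecret))` is true by construction of the struct and could be a compile-time assertion instead of a runtime one.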