aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2015-01-27 22:01:08 +0100
committerChristian Grothoff <christian@grothoff.org>2015-01-27 22:01:08 +0100
commit27a72fdafe67bcba304e274e839a2780009bd8da (patch)
tree68ce5ae2af5083bb51b37643100ba1be09c5d5bf
parent426f05adbd6320c335248f9b40da881efae31ad3 (diff)
downloadexchange-27a72fdafe67bcba304e274e839a2780009bd8da.tar.gz
exchange-27a72fdafe67bcba304e274e839a2780009bd8da.zip
cleaning up types used
-rw-r--r--src/include/taler_util.h47
-rw-r--r--src/mint/mint.h5
-rw-r--r--src/mint/taler-mint-httpd_db.c4
-rw-r--r--src/util/crypto.c106
4 files changed, 134 insertions, 28 deletions
diff --git a/src/include/taler_util.h b/src/include/taler_util.h
index db6f22e68..19e6bacf1 100644
--- a/src/include/taler_util.h
+++ b/src/include/taler_util.h
@@ -241,6 +241,30 @@ TALER_data_to_string_alloc (const void *buf,
241/* ****************** Refresh crypto primitives ************* */ 241/* ****************** Refresh crypto primitives ************* */
242 242
243/** 243/**
244 * Secret used to decrypt refresh links.
245 */
246struct TALER_LinkSecret
247{
248 /**
249 * Secret used to decrypt the refresh link data.
250 */
251 char key[sizeof (struct GNUNET_HashCode)];
252};
253
254
255/**
256 * Encrypted secret used to decrypt refresh links.
257 */
258struct TALER_EncryptedLinkSecret
259{
260 /**
261 * Encrypted secret, must be the given size!
262 */
263 char enc[sizeof (struct TALER_LinkSecret)];
264};
265
266
267/**
244 * Representation of an encrypted refresh link. 268 * Representation of an encrypted refresh link.
245 */ 269 */
246struct TALER_RefreshLinkEncrypted 270struct TALER_RefreshLinkEncrypted
@@ -295,9 +319,24 @@ struct TALER_RefreshLinkDecrypted
295 * @return #GNUNET_OK on success 319 * @return #GNUNET_OK on success
296 */ 320 */
297int 321int
298TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc, 322TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc,
323 const struct GNUNET_HashCode *trans_sec,
324 struct TALER_LinkSecret *secret);
325
326
327/**
328 * Use the @a trans_sec (from ECDHE) to encrypt the @a secret
329 * to obtain the @a secret_enc.
330 *
331 * @param secret shared secret for refresh link decryption
332 * @param trans_sec transfer secret (FIXME: use different type?)
333 * @param secret_enc[out] encrypted secret
334 * @return #GNUNET_OK on success
335 */
336int
337TALER_transfer_encrypt (const struct TALER_LinkSecret *secret,
299 const struct GNUNET_HashCode *trans_sec, 338 const struct GNUNET_HashCode *trans_sec,
300 struct GNUNET_HashCode *secret); 339 struct TALER_EncryptedLinkSecret *secret_enc);
301 340
302 341
303/** 342/**
@@ -309,7 +348,7 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
309 */ 348 */
310struct TALER_RefreshLinkDecrypted * 349struct TALER_RefreshLinkDecrypted *
311TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, 350TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
312 const struct GNUNET_HashCode *secret); 351 const struct TALER_LinkSecret *secret);
313 352
314 353
315/** 354/**
@@ -321,7 +360,7 @@ TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
321 */ 360 */
322struct TALER_RefreshLinkEncrypted * 361struct TALER_RefreshLinkEncrypted *
323TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input, 362TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input,
324 const struct GNUNET_HashCode *secret); 363 const struct TALER_LinkSecret *secret);
325 364
326 365
327#endif 366#endif
diff --git a/src/mint/mint.h b/src/mint/mint.h
index bf8dfcfd3..046b9c17e 100644
--- a/src/mint/mint.h
+++ b/src/mint/mint.h
@@ -179,10 +179,9 @@ struct RefreshCommitLink
179 struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub; 179 struct GNUNET_CRYPTO_EcdsaPublicKey transfer_pub;
180 180
181 /** 181 /**
182 * FIXME: this is the encrypted shared secret, should use 182 * Encrypted shared secret to decrypt the link.
183 * a different type...
184 */ 183 */
185 struct GNUNET_HashCode shared_secret_enc; 184 struct TALER_EncryptedLinkSecret shared_secret_enc;
186}; 185};
187 186
188 187
diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c
index 9ddce104d..8f7553896 100644
--- a/src/mint/taler-mint-httpd_db.c
+++ b/src/mint/taler-mint-httpd_db.c
@@ -908,7 +908,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
908 off = 0; 908 off = 0;
909 for (i = 0; i < refresh_session.kappa - 1; i++) 909 for (i = 0; i < refresh_session.kappa - 1; i++)
910 { 910 {
911 struct GNUNET_HashCode last_shared_secret; 911 struct TALER_LinkSecret last_shared_secret;
912 int secret_initialized = GNUNET_NO; 912 int secret_initialized = GNUNET_NO;
913 913
914 if (i == refresh_session.noreveal_index) 914 if (i == refresh_session.noreveal_index)
@@ -919,7 +919,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
919 struct RefreshCommitLink commit_link; 919 struct RefreshCommitLink commit_link;
920 struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub; 920 struct GNUNET_CRYPTO_EcdsaPublicKey coin_pub;
921 struct GNUNET_HashCode transfer_secret; 921 struct GNUNET_HashCode transfer_secret;
922 struct GNUNET_HashCode shared_secret; 922 struct TALER_LinkSecret shared_secret;
923 923
924 res = TALER_MINT_DB_get_refresh_commit_link (db_conn, 924 res = TALER_MINT_DB_get_refresh_commit_link (db_conn,
925 refresh_session_pub, 925 refresh_session_pub,
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 930c43a7f..65c586d75 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -30,24 +30,34 @@
30 30
31#define CURVE "Ed25519" 31#define CURVE "Ed25519"
32 32
33 33/**
34 * Function called by libgcrypt on serious errors.
35 * Prints an error message and aborts the process.
36 *
37 * @param cls NULL
38 * @param wtf unknown
39 * @param msg error message
40 */
34static void 41static void
35fatal_error_handler (void *cls, int wtf, const char *msg) 42fatal_error_handler (void *cls,
43 int wtf,
44 const char *msg)
36{ 45{
37 LOG_ERROR("Fatal error in Gcrypt: %s\n", msg); 46 LOG_ERROR ("Fatal error in libgcrypt: %s\n",
47 msg);
38 abort(); 48 abort();
39} 49}
40 50
41 51
42/** 52/**
43 * Initialize Gcrypt library. 53 * Initialize libgcrypt.
44 */ 54 */
45void 55void
46TALER_gcrypt_init() 56TALER_gcrypt_init ()
47{ 57{
48 gcry_set_fatalerror_handler (&fatal_error_handler, NULL); 58 gcry_set_fatalerror_handler (&fatal_error_handler, NULL);
49 TALER_assert_as(gcry_check_version(NEED_LIBGCRYPT_VERSION), 59 TALER_assert_as (gcry_check_version (NEED_LIBGCRYPT_VERSION),
50 "libgcrypt version mismatch"); 60 "libgcrypt version mismatch");
51 /* Disable secure memory. */ 61 /* Disable secure memory. */
52 gcry_control (GCRYCTL_DISABLE_SECMEM, 0); 62 gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
53 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0); 63 gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
@@ -56,19 +66,48 @@ TALER_gcrypt_init()
56 66
57/** 67/**
58 * Derive symmetric key material for refresh operations from 68 * Derive symmetric key material for refresh operations from
59 * a given shared secret. 69 * a given shared secret for link decryption.
60 * 70 *
61 * @param secret the shared secret 71 * @param secret the shared secret
62 * @param[out] iv set to initialization vector 72 * @param[out] iv set to initialization vector
63 * @param[out] skey set to session key 73 * @param[out] skey set to session key
64 */ 74 */
65static void 75static void
66derive_refresh_key (const struct GNUNET_HashCode *secret, 76derive_refresh_key (const struct TALER_LinkSecret *secret,
67 struct GNUNET_CRYPTO_SymmetricInitializationVector *iv, 77 struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
68 struct GNUNET_CRYPTO_SymmetricSessionKey *skey) 78 struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
69{ 79{
70 static const char ctx_key[] = "taler-key-skey"; 80 static const char ctx_key[] = "taler-link-skey";
71 static const char ctx_iv[] = "taler-key-iv"; 81 static const char ctx_iv[] = "taler-link-iv";
82
83 GNUNET_assert (GNUNET_YES ==
84 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
85 ctx_key, strlen (ctx_key),
86 secret, sizeof (struct TALER_LinkSecret),
87 NULL, 0));
88 GNUNET_assert (GNUNET_YES ==
89 GNUNET_CRYPTO_kdf (iv, sizeof (struct GNUNET_CRYPTO_SymmetricInitializationVector),
90 ctx_iv, strlen (ctx_iv),
91 secret, sizeof (struct TALER_LinkSecret),
92 NULL, 0));
93}
94
95
96/**
97 * Derive symmetric key material for refresh operations from
98 * a given shared secret for key decryption.
99 *
100 * @param secret the shared secret
101 * @param[out] iv set to initialization vector
102 * @param[out] skey set to session key
103 */
104static void
105derive_transfer_key (const struct GNUNET_HashCode *secret,
106 struct GNUNET_CRYPTO_SymmetricInitializationVector *iv,
107 struct GNUNET_CRYPTO_SymmetricSessionKey *skey)
108{
109 static const char ctx_key[] = "taler-transfer-skey";
110 static const char ctx_iv[] = "taler-transfer-iv";
72 111
73 GNUNET_assert (GNUNET_YES == 112 GNUNET_assert (GNUNET_YES ==
74 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey), 113 GNUNET_CRYPTO_kdf (skey, sizeof (struct GNUNET_CRYPTO_SymmetricSessionKey),
@@ -87,23 +126,24 @@ derive_refresh_key (const struct GNUNET_HashCode *secret,
87 * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc 126 * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
88 * to obtain the @a secret to decrypt the linkage data. 127 * to obtain the @a secret to decrypt the linkage data.
89 * 128 *
90 * @param secret_enc encrypted secret (FIXME: use different type!) 129 * @param secret_enc encrypted secret
91 * @param trans_sec transfer secret (FIXME: use different type?) 130 * @param trans_sec transfer secret (FIXME: use different type?)
92 * @param secret shared secret for refresh link decryption 131 * @param secret shared secret for refresh link decryption
93 * (FIXME: use different type?)
94 * @return #GNUNET_OK on success 132 * @return #GNUNET_OK on success
95 */ 133 */
96int 134int
97TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc, 135TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecret *secret_enc,
98 const struct GNUNET_HashCode *trans_sec, 136 const struct GNUNET_HashCode *trans_sec,
99 struct GNUNET_HashCode *secret) 137 struct TALER_LinkSecret *secret)
100{ 138{
101 struct GNUNET_CRYPTO_SymmetricInitializationVector iv; 139 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
102 struct GNUNET_CRYPTO_SymmetricSessionKey skey; 140 struct GNUNET_CRYPTO_SymmetricSessionKey skey;
103 141
104 derive_refresh_key (trans_sec, &iv, &skey); 142 GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) ==
143 sizeof (struct TALER_LinkSecret));
144 derive_transfer_key (trans_sec, &iv, &skey);
105 return GNUNET_CRYPTO_symmetric_decrypt (secret_enc, 145 return GNUNET_CRYPTO_symmetric_decrypt (secret_enc,
106 sizeof (struct GNUNET_HashCode), 146 sizeof (struct TALER_LinkSecret),
107 &skey, 147 &skey,
108 &iv, 148 &iv,
109 secret); 149 secret);
@@ -111,6 +151,34 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
111 151
112 152
113/** 153/**
154 * Use the @a trans_sec (from ECDHE) to encrypt the @a secret
155 * to obtain the @a secret_enc.
156 *
157 * @param secret shared secret for refresh link decryption
158 * @param trans_sec transfer secret (FIXME: use different type?)
159 * @param secret_enc[out] encrypted secret
160 * @return #GNUNET_OK on success
161 */
162int
163TALER_transfer_encrypt (const struct TALER_LinkSecret *secret,
164 const struct GNUNET_HashCode *trans_sec,
165 struct TALER_EncryptedLinkSecret *secret_enc)
166{
167 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
168 struct GNUNET_CRYPTO_SymmetricSessionKey skey;
169
170 GNUNET_assert (sizeof (struct TALER_EncryptedLinkSecret) ==
171 sizeof (struct TALER_LinkSecret));
172 derive_transfer_key (trans_sec, &iv, &skey);
173 return GNUNET_CRYPTO_symmetric_encrypt (secret,
174 sizeof (struct TALER_LinkSecret),
175 &skey,
176 &iv,
177 secret_enc);
178}
179
180
181/**
114 * Decrypt refresh link information. 182 * Decrypt refresh link information.
115 * 183 *
116 * @param input encrypted refresh link data 184 * @param input encrypted refresh link data
@@ -119,7 +187,7 @@ TALER_transfer_decrypt (const struct GNUNET_HashCode *secret_enc,
119 */ 187 */
120struct TALER_RefreshLinkDecrypted * 188struct TALER_RefreshLinkDecrypted *
121TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input, 189TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
122 const struct GNUNET_HashCode *secret) 190 const struct TALER_LinkSecret *secret)
123{ 191{
124 struct TALER_RefreshLinkDecrypted *ret; 192 struct TALER_RefreshLinkDecrypted *ret;
125 struct GNUNET_CRYPTO_SymmetricInitializationVector iv; 193 struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
@@ -162,7 +230,7 @@ TALER_refresh_decrypt (const struct TALER_RefreshLinkEncrypted *input,
162 */ 230 */
163struct TALER_RefreshLinkEncrypted * 231struct TALER_RefreshLinkEncrypted *
164TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input, 232TALER_refresh_encrypt (const struct TALER_RefreshLinkDecrypted *input,
165 const struct GNUNET_HashCode *secret) 233 const struct TALER_LinkSecret *secret)
166{ 234{
167 char *b_buf; 235 char *b_buf;
168 size_t b_buf_size; 236 size_t b_buf_size;