authorChristian Grothoff <grothoff@gnunet.org>2021-11-05 14:00:10 +0100
committerChristian Grothoff <grothoff@gnunet.org>2021-11-05 14:00:10 +0100
commit32da809fd665f1ac19210bf48952f1988f417fb8 (patch)
treeeebd61cf482dddf83c1ce530f3aca0c045a33591
parent766922f7e9bd5570fd12b663e61f8bd622e51c78 (diff)
abstract denomination keys a bit more
-rw-r--r--src/auditor/report-lib.c2
-rw-r--r--src/auditordb/test_auditordb.c11
-rw-r--r--src/benchmark/taler-aggregator-benchmark.c19
-rw-r--r--src/exchangedb/test_exchangedb.c13
-rw-r--r--src/include/taler_crypto_lib.h36
-rw-r--r--src/testing/testing_api_cmd_insert_deposit.c24
-rw-r--r--src/util/denom.c87
-rw-r--r--src/util/taler-exchange-secmod-rsa.c52
-rw-r--r--src/util/test_crypto.c11
9 files changed, 188 insertions, 67 deletions
diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c
index cc1b48b6a..e6468f692 100644
--- a/src/auditor/report-lib.c
+++ b/src/auditor/report-lib.c
@@ -151,7 +151,7 @@ add_denomination (
&issue->value);
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Tracking denomination `%s' (%s)\n",
- GNUNET_h2s (&issue->denom_hash),
+ GNUNET_h2s (&issue->denom_hash.hash),
TALER_amount2s (&value));
TALER_amount_ntoh (&value,
&issue->fee_withdraw);
diff --git a/src/auditordb/test_auditordb.c b/src/auditordb/test_auditordb.c
index 7e5a97035..38f0c24f4 100644
--- a/src/auditordb/test_auditordb.c
+++ b/src/auditordb/test_auditordb.c
@@ -142,12 +142,11 @@ run (void *cls)
RND_BLK (&master_pub);
RND_BLK (&reserve_pub);
RND_BLK (&rnd_hash);
- denom_priv.cipher = TALER_DENOMINATION_RSA;
- denom_priv.details.rsa_private_key = GNUNET_CRYPTO_rsa_private_key_create (
- 1024);
- TALER_denom_priv_to_pub (&denom_priv,
- 0, /* age mask */
- &denom_pub);
+ GNUNET_assert (GNUNET_OK ==
+ TALER_denom_priv_create (&denom_priv,
+ &denom_pub,
+ TALER_DENOMINATION_RSA,
+ 1024));
TALER_denom_pub_hash (&denom_pub,
&denom_pub_hash);
TALER_denom_priv_free (&denom_priv);
diff --git a/src/benchmark/taler-aggregator-benchmark.c b/src/benchmark/taler-aggregator-benchmark.c
index 34c45b5cd..35d6af6fe 100644
--- a/src/benchmark/taler-aggregator-benchmark.c
+++ b/src/benchmark/taler-aggregator-benchmark.c
@@ -479,17 +479,16 @@ run (void *cls,
GNUNET_TIME_absolute_add (end,
GNUNET_TIME_UNIT_YEARS));
{
- struct GNUNET_CRYPTO_RsaPrivateKey *pk;
- struct GNUNET_CRYPTO_RsaPublicKey *pub;
+ struct TALER_DenominationPrivateKey pk;
struct GNUNET_HashCode hc;
- struct TALER_DenominationPublicKey denom_pub = {
- .cipher = TALER_DENOMINATION_RSA
- };
+ struct TALER_DenominationPublicKey denom_pub;
RANDOMIZE (&hc);
- pk = GNUNET_CRYPTO_rsa_private_key_create (1024);
- pub = GNUNET_CRYPTO_rsa_private_key_get_public (pk);
- denom_pub.details.rsa_public_key = pub;
+ GNUNET_assert (GNUNET_OK ==
+ TALER_denom_priv_create (&pk,
+ &denom_pub,
+ TALER_DENOMINATION_RSA,
+ 1024));
TALER_denom_pub_hash (&denom_pub,
&h_denom_pub);
make_amountN (2, 0, &issue.properties.value);
@@ -510,10 +509,10 @@ run (void *cls,
}
denom_sig.cipher = TALER_DENOMINATION_RSA;
denom_sig.details.rsa_signature
- = GNUNET_CRYPTO_rsa_sign_fdh (pk,
+ = GNUNET_CRYPTO_rsa_sign_fdh (pk.details.rsa_private_key,
&hc);
TALER_denom_pub_free (&denom_pub);
- GNUNET_CRYPTO_rsa_private_key_free (pk);
+ TALER_denom_priv_free (&pk);
}
{
diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c
index 44ae56803..76a83a1b4 100644
--- a/src/exchangedb/test_exchangedb.c
+++ b/src/exchangedb/test_exchangedb.c
@@ -225,14 +225,11 @@ create_denom_key_pair (unsigned int size,
struct TALER_EXCHANGEDB_DenominationKeyInformationP issue2;
dkp = GNUNET_new (struct DenomKeyPair);
- dkp->priv.cipher = TALER_DENOMINATION_RSA;
- dkp->priv.details.rsa_private_key = GNUNET_CRYPTO_rsa_private_key_create (
- size);
- GNUNET_assert (NULL != dkp->priv.details.rsa_private_key);
- TALER_denom_priv_to_pub (&dkp->priv,
- 0, /* age mask */
- &dkp->pub);
-
+ GNUNET_assert (GNUNET_OK ==
+ TALER_denom_priv_create (&dkp->priv,
+ &dkp->pub,
+ TALER_DENOMINATION_RSA,
+ size));
/* Using memset() as fields like master key and signature
are not properly initialized for this test. */
memset (&dki,
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 8871369e2..b726972ce 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -678,6 +678,26 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
/**
+ * Initialize denomination public-private key pair.
+ *
+ * For #TALER_DENOMINATION_RSA, an additional "unsigned int"
+ * argument with the number of bits for 'n' (e.g. 2048) must
+ * be passed.
+ *
+ * @param[out] denom_priv where to write the private key
+ * @param[out] deonm_pub where to write the public key
+ * @param cipher which type of cipher to use
+ * @param ... cipher-specific parameters
+ * @return #GNUNET_OK on success, #GNUNET_NO if parameters were invalid
+ */
+enum GNUNET_GenericReturnValue
+TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
+ struct TALER_DenominationPublicKey *denom_pub,
+ enum TALER_DenominationCipher cipher,
+ ...);
+
+
+/**
* Free internals of @a denom_priv, but not @a denom_priv itself.
*
* @param[in] denom_priv key to free
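Review bot: The doc comment for TALER_denom_priv_create promises `#GNUNET_NO if parameters were invalid`, but every failure path of the implementation added to src/util/denom.c in this commit returns GNUNET_SYSERR, so a caller that compares against GNUNET_NO would treat a failed key generation as something else. I would change the line to `@return #GNUNET_OK on success, #GNUNET_SYSERR if parameters were invalid or key generation failed` and fix the parameter name `deonm_pub` to `denom_pub`. The comment should also say that RSA sizes below 512 bits are rejected and that this floor is a sanity check, not a recommended strength; the example given is 2048 while the test callers in this commit pass 1024. The replaced call sites passed an age mask of 0 to TALER_denom_priv_to_pub and the new function has no such parameter, so it is worth stating what the returned public key carries for it (presumably zero, from the memset).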
@@ -696,6 +716,22 @@ TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig);
/**
+ * Create blinded signature.
+ *
+ * @param[out] denom_sig where to write the signature
+ * @param denom_priv private key to use for signing
+ * @param blinded_msg message to sign
+ * @param blinded_msg_size number of bytes in @a blinded_msg
+ * @return #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
+ const struct TALER_DenominationPrivateKey *denom_priv,
+ void *blinded_msg,
+ size_t blinded_msg_size);
+
+
+/**
* Free internals of @a denom_sig, but not @a denom_sig itself.
*
* @param[in] denom_sig signature to free
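Review bot: `blinded_msg` is declared `void *` although the implementation in src/util/denom.c only forwards it to the signing call and never writes through it; if GNUNET_CRYPTO_rsa_sign_blinded accepts a const pointer, the prototype should read `const void *blinded_msg,` so callers holding read-only buffers need no cast. The `@return` line lists only the success value; I would extend it to `@return #GNUNET_OK on success, #GNUNET_SYSERR on failure (in which case @a denom_sig is zeroed)`, because handle_done in taler-exchange-secmod-rsa.c relies on exactly that zeroed state to detect a failed signature.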
diff --git a/src/testing/testing_api_cmd_insert_deposit.c b/src/testing/testing_api_cmd_insert_deposit.c
index cc427ff5e..88ced9c2c 100644
--- a/src/testing/testing_api_cmd_insert_deposit.c
+++ b/src/testing/testing_api_cmd_insert_deposit.c
@@ -136,17 +136,17 @@ insert_deposit_run (void *cls,
struct TALER_EXCHANGEDB_Deposit deposit;
struct TALER_MerchantPrivateKeyP merchant_priv;
struct TALER_EXCHANGEDB_DenominationKeyInformationP issue;
- struct TALER_DenominationPublicKey dpk = {
- .cipher = TALER_DENOMINATION_RSA
- };
- struct GNUNET_CRYPTO_RsaPrivateKey *denom_priv;
+ struct TALER_DenominationPublicKey dpk;
+ struct TALER_DenominationPrivateKey denom_priv;
struct GNUNET_HashCode hc;
// prepare and store issue first.
fake_issue (&issue);
- denom_priv = GNUNET_CRYPTO_rsa_private_key_create (1024);
- dpk.details.rsa_public_key = GNUNET_CRYPTO_rsa_private_key_get_public (
- denom_priv);
+ GNUNET_assert (GNUNET_OK ==
+ TALER_denom_priv_create (&denom_priv,
+ &dpk,
+ TALER_DENOMINATION_RSA,
+ 1024));
TALER_denom_pub_hash (&dpk,
&issue.properties.denom_hash);
@@ -161,6 +161,8 @@ insert_deposit_run (void *cls,
ids->dbc->plugin->commit (ids->dbc->plugin->cls)) )
{
TALER_TESTING_interpreter_fail (is);
+ TALER_denom_pub_free (&dpk);
+ TALER_denom_priv_free (&denom_priv);
return;
}
@@ -189,6 +191,8 @@ insert_deposit_run (void *cls,
&deposit.deposit_fee)) )
{
TALER_TESTING_interpreter_fail (is);
+ TALER_denom_pub_free (&dpk);
+ TALER_denom_priv_free (&denom_priv);
return;
}
@@ -201,7 +205,7 @@ insert_deposit_run (void *cls,
&hc);
deposit.coin.denom_sig.cipher = TALER_DENOMINATION_RSA;
deposit.coin.denom_sig.details.rsa_signature
- = GNUNET_CRYPTO_rsa_sign_fdh (denom_priv,
+ = GNUNET_CRYPTO_rsa_sign_fdh (denom_priv.details.rsa_private_key,
&hc);
GNUNET_asprintf (&deposit.receiver_wire_account,
"payto://x-taler-bank/localhost/%s",
@@ -231,13 +235,15 @@ insert_deposit_run (void *cls,
GNUNET_break (0);
ids->dbc->plugin->rollback (ids->dbc->plugin->cls);
GNUNET_free (deposit.receiver_wire_account);
+ TALER_denom_pub_free (&dpk);
+ TALER_denom_priv_free (&denom_priv);
TALER_TESTING_interpreter_fail (is);
return;
}
TALER_denom_sig_free (&deposit.coin.denom_sig);
TALER_denom_pub_free (&dpk);
- GNUNET_CRYPTO_rsa_private_key_free (denom_priv);
+ TALER_denom_priv_free (&denom_priv);
GNUNET_free (deposit.receiver_wire_account);
TALER_TESTING_interpreter_next (is);
}
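Review bot: The rollback branch in this hunk now releases `dpk` and `denom_priv`, but it still does not release the signature stored in `deposit.coin.denom_sig`, which the success path directly below frees with `TALER_denom_sig_free (&deposit.coin.denom_sig);`. Adding that same call next to the two new frees in the error branch would make both exits release the same set of objects. The value returned by `GNUNET_CRYPTO_rsa_sign_fdh` in the hunk at -201 is also not checked for NULL in the visible lines, so a failed signing is not caught before the deposit is used. insert_deposit_run begins outside this hunk, so earlier cleanup cannot be ruled out.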
diff --git a/src/util/denom.c b/src/util/denom.c
index 15ba1c1ae..f251d9052 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -22,6 +22,93 @@
#include "taler_util.h"
+enum GNUNET_GenericReturnValue
+TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
+ struct TALER_DenominationPublicKey *denom_pub,
+ enum TALER_DenominationCipher cipher,
+ ...)
+{
+ memset (denom_priv,
+ 0,
+ sizeof (*denom_priv));
+ memset (denom_pub,
+ 0,
+ sizeof (*denom_pub));
+ switch (cipher)
+ {
+ case TALER_DENOMINATION_INVALID:
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ case TALER_DENOMINATION_RSA:
+ {
+ va_list ap;
+ unsigned int bits;
+
+ va_start (ap, cipher);
+ bits = va_arg (ap, unsigned int);
+ va_end (ap);
+ if (bits < 512)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ denom_priv->details.rsa_private_key
+ = GNUNET_CRYPTO_rsa_private_key_create (bits);
+ }
+ if (NULL == denom_priv->details.rsa_private_key)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ denom_pub->details.rsa_public_key
+ = GNUNET_CRYPTO_rsa_private_key_get_public (
+ denom_priv->details.rsa_private_key);
+ denom_priv->cipher = cipher;
+ denom_pub->cipher = cipher;
+ return GNUNET_OK;
+ // TODO: add case for Clause-Schnorr
+ default:
+ GNUNET_break (0);
+ }
+ return GNUNET_SYSERR;
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
+ const struct TALER_DenominationPrivateKey *denom_priv,
+ void *blinded_msg,
+ size_t blinded_msg_size)
+{
+ memset (denom_sig,
+ 0,
+ sizeof (*denom_sig));
+ switch (denom_priv->cipher)
+ {
+ case TALER_DENOMINATION_INVALID:
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ case TALER_DENOMINATION_RSA:
+ denom_sig->details.blinded_rsa_signature
+ = GNUNET_CRYPTO_rsa_sign_blinded (
+ denom_priv->details.rsa_private_key,
+ blinded_msg,
+ blinded_msg_size);
+ if (NULL == denom_sig->details.blinded_rsa_signature)
+ {
+ GNUNET_break (0);
+ return GNUNET_SYSERR;
+ }
+ denom_sig->cipher = TALER_DENOMINATION_RSA;
+ return GNUNET_OK;
+ // TODO: add case for Clause-Schnorr
+ default:
+ GNUNET_break (0);
+ }
+ return GNUNET_SYSERR;
+}
+
+
void
TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub,
struct TALER_DenominationHash *denom_hash)
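Review bot: In TALER_denom_priv_create the result of `GNUNET_CRYPTO_rsa_private_key_get_public` is stored without a NULL check, while the private key two statements earlier is checked; if that call can fail, the function returns GNUNET_OK with a NULL public key, and the callers in this commit go straight on to TALER_denom_pub_hash. The failure path should also free the private key that was just generated, so that a caller that sees GNUNET_SYSERR owns nothing. Separately, the `bits < 512` guard is the only strength check on the variadic argument; a comment that it is a sanity floor (the header example uses 2048) would stop readers taking 512 as an accepted production size.
```c
    /* … unchanged: denom_pub->details.rsa_public_key = GNUNET_CRYPTO_rsa_private_key_get_public (...) … */
    if (NULL == denom_pub->details.rsa_public_key)
    {
      GNUNET_break (0);
      /* do not hand back half of a key pair */
      GNUNET_CRYPTO_rsa_private_key_free (denom_priv->details.rsa_private_key);
      denom_priv->details.rsa_private_key = NULL;
      return GNUNET_SYSERR;
    }
    /* … unchanged: set cipher on both keys, return GNUNET_OK … */
```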
diff --git a/src/util/taler-exchange-secmod-rsa.c b/src/util/taler-exchange-secmod-rsa.c
index 14709e2bd..028c54efe 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -208,10 +208,10 @@ struct WorkItem
struct DenominationKey *dk;
/**
- * RSA signature over @e blinded_msg using @e dk. Result of doing the
- * work. Initially NULL.
+ * Signature over @e blinded_msg using @e dk. Result of doing the
+ * work. Initially zero.
*/
- struct GNUNET_CRYPTO_RsaSignature *rsa_signature;
+ struct TALER_BlindedDenominationSignature denom_sig;
/**
* Coin_ev value to sign.
@@ -424,11 +424,11 @@ sign_worker (void *cls)
wi);
work_counter--;
GNUNET_assert (0 == pthread_mutex_unlock (&work_lock));
- wi->rsa_signature
- = GNUNET_CRYPTO_rsa_sign_blinded (
- wi->dk->denom_priv.details.rsa_private_key,
- wi->blinded_msg,
- wi->blinded_msg_size);
+ GNUNET_break (GNUNET_OK ==
+ TALER_denom_sign_blinded (&wi->denom_sig,
+ &wi->dk->denom_priv,
+ wi->blinded_msg,
+ wi->blinded_msg_size));
/* put completed work into done queue */
GNUNET_assert (0 == pthread_mutex_lock (&done_lock));
GNUNET_CONTAINER_DLL_insert (done_head,
@@ -495,8 +495,8 @@ static void
free_dk (struct DenominationKey *dk)
{
GNUNET_free (dk->filename);
- GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv.details.rsa_private_key);
- GNUNET_CRYPTO_rsa_public_key_free (dk->denom_pub.details.rsa_public_key);
+ TALER_denom_priv_free (&dk->denom_priv);
+ TALER_denom_pub_free (&dk->denom_pub);
GNUNET_free (dk);
}
@@ -584,7 +584,7 @@ handle_done (void *cls)
done_tail,
wi);
GNUNET_assert (0 == pthread_mutex_unlock (&done_lock));
- if (NULL == wi->rsa_signature)
+ if (TALER_DENOMINATION_INVALID == wi->denom_sig.cipher)
{
struct TALER_CRYPTO_SignFailure sf = {
.header.size = htons (sizeof (sf)),
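Review bot: The failure test `TALER_DENOMINATION_INVALID == wi->denom_sig.cipher` is only correct because TALER_denom_sign_blinded zeroes `denom_sig` on entry and sets `cipher` on success, which in turn assumes TALER_DENOMINATION_INVALID has the value 0; neither fact is visible here, and the enum is not part of this diff. In sign_worker (hunk at -424) the return value is merely passed to GNUNET_break, so this field is the only channel that carries the failure across threads. I would document the coupling at the check, for example `/* denom_sig is zeroed by TALER_denom_sign_blinded() on failure; relies on TALER_DENOMINATION_INVALID == 0 */`. The following hunk reads `details.blinded_rsa_signature` directly, so a `GNUNET_assert (TALER_DENOMINATION_RSA == wi->denom_sig.cipher);` before the encode call would keep the union access honest once another cipher is added.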
@@ -605,10 +605,10 @@ handle_done (void *cls)
size_t buf_size;
size_t tsize;
- buf_size = GNUNET_CRYPTO_rsa_signature_encode (wi->rsa_signature,
- &buf);
- GNUNET_CRYPTO_rsa_signature_free (wi->rsa_signature);
- wi->rsa_signature = NULL;
+ buf_size = GNUNET_CRYPTO_rsa_signature_encode (
+ wi->denom_sig.details.blinded_rsa_signature,
+ &buf);
+ TALER_blinded_denom_sig_free (&wi->denom_sig);
tsize = sizeof (*sr) + buf_size;
GNUNET_assert (tsize < UINT16_MAX);
sr = GNUNET_malloc (tsize);
@@ -844,19 +844,17 @@ setup_key (struct DenominationKey *dk,
size_t buf_size;
void *buf;
- priv.cipher = TALER_DENOMINATION_RSA;
- priv.details.rsa_private_key
- = GNUNET_CRYPTO_rsa_private_key_create (denom->rsa_keysize);
- if (NULL == priv.details.rsa_private_key)
+ if (GNUNET_OK !=
+ TALER_denom_priv_create (&priv,
+ &pub,
+ TALER_DENOMINATION_RSA,
+ (unsigned int) denom->rsa_keysize))
{
GNUNET_break (0);
GNUNET_SCHEDULER_shutdown ();
global_ret = 40;
return GNUNET_SYSERR;
}
- TALER_denom_priv_to_pub (&priv,
- 0 /* FIXME-Oec */,
- &pub);
buf_size = GNUNET_CRYPTO_rsa_private_key_encode (priv.details.rsa_private_key,
&buf);
TALER_denom_pub_hash (&pub,
@@ -899,8 +897,8 @@ setup_key (struct DenominationKey *dk,
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Duplicate private key created! Terminating.\n");
- GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv.details.rsa_private_key);
- GNUNET_CRYPTO_rsa_public_key_free (dk->denom_pub.details.rsa_public_key);
+ TALER_denom_priv_free (&dk->denom_priv);
+ TALER_denom_pub_free (&dk->denom_pub);
GNUNET_free (dk->filename);
GNUNET_free (dk);
return GNUNET_SYSERR;
@@ -1261,7 +1259,7 @@ purge_key (struct DenominationKey *dk)
dk->purge = true;
return;
}
- GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv.details.rsa_private_key);
+ TALER_denom_priv_free (&dk->denom_priv);
GNUNET_free (dk);
}
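Review bot: purge_key frees the private key and then `dk` itself, but the visible lines never release `dk->denom_pub`, whereas free_dk (hunk at -495) calls both `TALER_denom_priv_free (&dk->denom_priv);` and `TALER_denom_pub_free (&dk->denom_pub);` before freeing the struct. Unless the public key is released earlier in purge_key, outside this hunk, it is lost when `dk` is freed; adding `TALER_denom_pub_free (&dk->denom_pub);` here, or calling free_dk once the filename handling allows it, would keep the two teardown paths consistent. The omission predates this commit, but the switch to the abstract free functions is a natural place to close it.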
@@ -1447,8 +1445,8 @@ parse_key (struct Denomination *denom,
"Duplicate private key %s detected in file `%s'. Skipping.\n",
GNUNET_h2s (&dk->h_denom_pub.hash),
filename);
- GNUNET_CRYPTO_rsa_private_key_free (priv.details.rsa_private_key);
- GNUNET_CRYPTO_rsa_public_key_free (pub.details.rsa_public_key);
+ TALER_denom_priv_free (&priv);
+ TALER_denom_pub_free (&pub);
GNUNET_free (dk);
return;
}
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index 653df86f7..416ca5e2d 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -92,12 +92,11 @@ test_planchets (void)
struct TALER_FreshCoin coin;
struct TALER_CoinPubHash c_hash;
- dk_priv.cipher = TALER_DENOMINATION_RSA;
- dk_priv.details.rsa_private_key
- = GNUNET_CRYPTO_rsa_private_key_create (1024);
- TALER_denom_priv_to_pub (&dk_priv,
- 0,
- &dk_pub);
+ GNUNET_assert (GNUNET_OK ==
+ TALER_denom_priv_create (&dk_priv,
+ &dk_pub,
+ TALER_DENOMINATION_RSA,
+ 1024));
TALER_planchet_setup_random (&ps);
GNUNET_assert (GNUNET_OK ==
TALER_planchet_prepare (&dk_pub,