summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Dold <florian@dold.me>2020-12-04 12:09:27 +0100
committerFlorian Dold <florian@dold.me>2020-12-04 12:10:09 +0100
commitd3b714922f2fecfeda09a9331a48ba58ab42857a (patch)
tree1db8e901a5e34b3b3dde12655b3dd023f2cb5e65
parent86dd5d46dd0afc50e16515f968997865c62b0482 (diff)
downloadexchange-d3b714922f2fecfeda09a9331a48ba58ab42857a.tar.gz
exchange-d3b714922f2fecfeda09a9331a48ba58ab42857a.tar.bz2
exchange-d3b714922f2fecfeda09a9331a48ba58ab42857a.zip
conditionally use (un)blinding implementation from libgnunetutil
-rw-r--r--src/exchange/taler-exchange-httpd_recoup.c10
-rw-r--r--src/include/taler_crypto_lib.h33
-rw-r--r--src/lib/exchange_api_link.c6
-rw-r--r--src/util/crypto.c83
-rw-r--r--src/util/test_helper_rsa.c26
5 files changed, 129 insertions, 29 deletions
diff --git a/src/exchange/taler-exchange-httpd_recoup.c b/src/exchange/taler-exchange-httpd_recoup.c
index 083950f8..fe8b8d60 100644
--- a/src/exchange/taler-exchange-httpd_recoup.c
+++ b/src/exchange/taler-exchange-httpd_recoup.c
@@ -438,11 +438,11 @@ verify_and_execute_recoup (struct MHD_Connection *connection,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
&c_hash);
if (GNUNET_YES !=
- GNUNET_CRYPTO_rsa_blind (&c_hash,
- &coin_bks->bks,
- dki->denom_pub.rsa_public_key,
- &coin_ev,
- &coin_ev_size))
+ TALER_rsa_blind (&c_hash,
+ &coin_bks->bks,
+ dki->denom_pub.rsa_public_key,
+ &coin_ev,
+ &coin_ev_size))
{
GNUNET_break (0);
TEH_KS_release (key_state);
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index ae738505..5e50ddd3 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1142,4 +1142,37 @@ TALER_merchant_wire_signature_make (
struct TALER_MerchantSignatureP *merch_sig);
+/**
+ * Blinds the given message with the given blinding key
+ *
+ * @param hash hash of the message to sign
+ * @param bkey the blinding key
+ * @param pkey the public key of the signer
+ * @param[out] buf set to a buffer with the blinded message to be signed
+ * @param[out] buf_size number of bytes stored in @a buf
+ * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
+ */
+int
+TALER_rsa_blind (const struct GNUNET_HashCode *hash,
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey,
+ void **buf,
+ size_t *buf_size);
+
+
+/**
+ * Unblind a blind-signed signature. The signature should have been generated
+ * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
+ * #GNUNET_CRYPTO_rsa_blind().
+ *
+ * @param sig the signature made on the blinded signature purpose
+ * @param bks the blinding key secret used to blind the signature purpose
+ * @param pkey the public key of the signer
+ * @return unblinded signature on success, NULL if RSA key is bad or malicious.
+ */
+struct GNUNET_CRYPTO_RsaSignature *
+TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey);
+
#endif
diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c
index 383efba5..33a77cdd 100644
--- a/src/lib/exchange_api_link.c
+++ b/src/lib/exchange_api_link.c
@@ -123,9 +123,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
/* extract coin and signature */
*coin_priv = fc.coin_priv;
sig->rsa_signature
- = GNUNET_CRYPTO_rsa_unblind (bsig,
- &fc.blinding_key.bks,
- rpub);
+ = TALER_rsa_unblind (bsig,
+ &fc.blinding_key.bks,
+ rpub);
/* verify link_sig */
{
struct TALER_PlanchetDetail pd;
diff --git a/src/util/crypto.c b/src/util/crypto.c
index b75cd8b4..1b829c9f 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -25,6 +25,19 @@
#include "taler_util.h"
#include <gcrypt.h>
+/**
+ * Should we use the RSA blind signing implementation
+ * from libgnunetutil? The blinding only works
+ * correctly with a current version of libgnunetutil.
+ *
+ * Only applies to blinding and unblinding, but
+ * not to blind signing.
+ *
+ * FIXME: Can we define some macro for this in configure.ac
+ * to detect the version?
+ */
+#define USE_GNUNET_RSA_BLINDING 1
+
/**
* Function called by libgcrypt on serious errors.
@@ -245,11 +258,11 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
c_hash);
if (GNUNET_YES !=
- GNUNET_CRYPTO_rsa_blind (c_hash,
- &ps->blinding_key.bks,
- dk->rsa_public_key,
- &pd->coin_ev,
- &pd->coin_ev_size))
+ TALER_rsa_blind (c_hash,
+ &ps->blinding_key.bks,
+ dk->rsa_public_key,
+ &pd->coin_ev,
+ &pd->coin_ev_size))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
@@ -280,9 +293,9 @@ TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
{
struct GNUNET_CRYPTO_RsaSignature *sig;
- sig = GNUNET_CRYPTO_rsa_unblind (blind_sig,
- &ps->blinding_key.bks,
- dk->rsa_public_key);
+ sig = TALER_rsa_unblind (blind_sig,
+ &ps->blinding_key.bks,
+ dk->rsa_public_key);
if (GNUNET_OK !=
GNUNET_CRYPTO_rsa_verify (c_hash,
sig,
@@ -381,4 +394,58 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
}
+/**
+ * Blinds the given message with the given blinding key
+ *
+ * @param hash hash of the message to sign
+ * @param bkey the blinding key
+ * @param pkey the public key of the signer
+ * @param[out] buf set to a buffer with the blinded message to be signed
+ * @param[out] buf_size number of bytes stored in @a buf
+ * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
+ */
+int
+TALER_rsa_blind (const struct GNUNET_HashCode *hash,
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey,
+ void **buf,
+ size_t *buf_size)
+{
+#if USE_GNUNET_RSA_BLINDING
+ return GNUNET_CRYPTO_rsa_blind (hash,
+ bks,
+ pkey,
+ buf,
+ buf_size);
+#else
+# error "FIXME: implement"
+#endif
+}
+
+
+/**
+ * Unblind a blind-signed signature. The signature should have been generated
+ * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
+ * #GNUNET_CRYPTO_rsa_blind().
+ *
+ * @param sig the signature made on the blinded signature purpose
+ * @param bks the blinding key secret used to blind the signature purpose
+ * @param pkey the public key of the signer
+ * @return unblinded signature on success, NULL if RSA key is bad or malicious.
+ */
+struct GNUNET_CRYPTO_RsaSignature *
+TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey)
+{
+#if USE_GNUNET_RSA_BLINDING
+ return GNUNET_CRYPTO_rsa_unblind (sig,
+ bks,
+ pkey);
+#else
+# error "FIXME: implement"
+#endif
+}
+
+
/* end of crypto.c */
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index f291f27e..f86ebdef 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -254,11 +254,11 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
void *buf;
size_t buf_size;
GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_rsa_blind (&m_hash,
- &bks,
- keys[i].denom_pub.rsa_public_key,
- &buf,
- &buf_size));
+ TALER_rsa_blind (&m_hash,
+ &bks,
+ keys[i].denom_pub.rsa_public_key,
+ &buf,
+ &buf_size));
GNUNET_log (GNUNET_ERROR_TYPE_INFO,
"Requesting signature over %u bytes with key %s\n",
(unsigned int) buf_size,
@@ -290,9 +290,9 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
{
struct GNUNET_CRYPTO_RsaSignature *rs;
- rs = GNUNET_CRYPTO_rsa_unblind (ds.rsa_signature,
- &bks,
- keys[i].denom_pub.rsa_public_key);
+ rs = TALER_rsa_unblind (ds.rsa_signature,
+ &bks,
+ keys[i].denom_pub.rsa_public_key);
if (NULL == rs)
{
GNUNET_break (0);
@@ -409,11 +409,11 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
size_t buf_size;
GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_rsa_blind (&m_hash,
- &bks,
- keys[i].denom_pub.rsa_public_key,
- &buf,
- &buf_size));
+ TALER_rsa_blind (&m_hash,
+ &bks,
+ keys[i].denom_pub.rsa_public_key,
+ &buf,
+ &buf_size));
/* use this key as long as it works */
while (1)
{