authorChristian Grothoff <christian@grothoff.org>2016-08-05 16:08:19 +0200
committerChristian Grothoff <christian@grothoff.org>2016-08-05 16:08:19 +0200
commit745719dbc1482734ab3ca7a20541ee8a12ecb69c (patch)
tree68ca6a1f328f59351a69064c72dc87b92756b689 /src/include
parente800772c85e1e1399c756162921c3f557794ffea (diff)
first half of changing refresh protocol to derive all key data from DH
Diffstat (limited to 'src/include')
-rw-r--r--src/include/taler_crypto_lib.h177
-rw-r--r--src/include/taler_exchangedb_plugin.h43
-rw-r--r--src/include/taler_signatures.h25
3 files changed, 58 insertions, 187 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index e1fdeb2bc..e8e8f3a03 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -412,7 +412,7 @@ GNUNET_NETWORK_STRUCT_BEGIN
struct TALER_TransferSecretP
{
/**
- * Secret used to encrypt/decrypt the `struct TALER_LinkSecretP`.
+ * Secret used to derive private inputs for refreshed coins.
* Must be (currently) a hash as this is what
* #GNUNET_CRYPTO_ecc_ecdh() returns to us.
*/
@@ -421,49 +421,6 @@ struct TALER_TransferSecretP
/**
- * @brief Secret used to decrypt refresh links.
- */
-struct TALER_LinkSecretP
-{
- /**
- * Secret used to decrypt the refresh link data.
- */
- char key[sizeof (struct GNUNET_HashCode)];
-};
-
-
-/**
- * @brief Encrypted secret used to decrypt refresh links.
- */
-struct TALER_EncryptedLinkSecretP
-{
- /**
- * Encrypted secret, must be the given size!
- */
- char enc[sizeof (struct TALER_LinkSecretP)];
-};
-
-
-/**
- * @brief Representation of an refresh link in cleartext.
- */
-struct TALER_RefreshLinkDecryptedP
-{
-
- /**
- * Private key of the coin.
- */
- struct TALER_CoinSpendPrivateKeyP coin_priv;
-
- /**
- * Blinding key.
- */
- struct TALER_DenominationBlindingKeyP blinding_key;
-
-};
-
-
-/**
* Length of the raw value in the Taler wire transfer identifier
* (in binary representation).
*/
@@ -540,44 +497,6 @@ struct TALER_RefreshLinkEncryptedP
GNUNET_NETWORK_STRUCT_END
-
-
-/**
- * Decrypt the shared @a secret from the information in the
- * encrypted link secret @e secret_enc using the transfer
- * private key and the coin's public key.
- *
- * @param secret_enc encrypted link secret
- * @param trans_priv transfer private key
- * @param coin_pub coin public key
- * @param[out] secret set to the shared secret
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
-TALER_link_decrypt_secret (const struct TALER_EncryptedLinkSecretP *secret_enc,
- const struct TALER_TransferPrivateKeyP *trans_priv,
- const struct TALER_CoinSpendPublicKeyP *coin_pub,
- struct TALER_LinkSecretP *secret);
-
-
-/**
- * Decrypt the shared @a secret from the information in the
- * encrypted link secret @e secret_enc using the transfer
- * public key and the coin's private key.
- *
- * @param secret_enc encrypted link secret
- * @param trans_pub transfer public key
- * @param coin_priv coin private key
- * @param[out] secret set to the shared secret
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
- */
-int
-TALER_link_decrypt_secret2 (const struct TALER_EncryptedLinkSecretP *secret_enc,
- const struct TALER_TransferPublicKeyP *trans_pub,
- const struct TALER_CoinSpendPrivateKeyP *coin_priv,
- struct TALER_LinkSecretP *secret);
-
-
/**
* Given the coin and the transfer private keys, compute the
* transfer secret. (Technically, we only need one of the two
@@ -596,78 +515,68 @@ TALER_link_derive_transfer_secret (const struct TALER_CoinSpendPrivateKeyP *coin
/**
- * Encrypt the shared @a secret to generate the encrypted link secret.
- * Also creates the transfer key.
+ * Decrypt the shared @a secret from the information in the
+ * @a trans_priv and @a coin_pub.
*
- * @param secret link secret to encrypt
+ * @param trans_priv transfer private key
* @param coin_pub coin public key
- * @param[out] trans_priv set to transfer private key
- * @param[out] trans_pub set to transfer public key
- * @param[out] secret_enc set to the encryptd @a secret
- * @return #GNUNET_OK on success, #GNUNET_SYSERR on error
+ * @param[out] secret set to the shared secret
*/
-int
-TALER_link_encrypt_secret (const struct TALER_LinkSecretP *secret,
- const struct TALER_CoinSpendPublicKeyP *coin_pub,
- struct TALER_TransferPrivateKeyP *trans_priv,
- struct TALER_TransferPublicKeyP *trans_pub,
- struct TALER_EncryptedLinkSecretP *secret_enc);
+void
+TALER_link_reveal_transfer_secret (const struct TALER_TransferPrivateKeyP *trans_priv,
+ const struct TALER_CoinSpendPublicKeyP *coin_pub,
+ struct TALER_TransferSecretP *transfer_secret);
+
/**
- * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc
- * to obtain the @a secret to decrypt the linkage data.
+ * Decrypt the shared @a secret from the information in the
+ * @a trans_priv and @a coin_pub.
*
- * @param secret_enc encrypted secret
- * @param trans_sec transfer secret
- * @param secret shared secret for refresh link decryption
- * @return #GNUNET_OK on success
+ * @param trans_pub transfer private key
+ * @param coin_priv coin public key
+ * @param[out] secret set to the shared secret
*/
-int
-TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecretP *secret_enc,
- const struct TALER_TransferSecretP *trans_sec,
- struct TALER_LinkSecretP *secret);
+void
+TALER_link_recover_transfer_secret (const struct TALER_TransferPublicKeyP *trans_pub,
+ const struct TALER_CoinSpendPrivateKeyP *coin_priv,
+ struct TALER_TransferSecretP *transfer_secret);
/**
- * Use the @a trans_sec (from ECDHE) to encrypt the @a secret
- * to obtain the @a secret_enc.
- *
- * @param secret shared secret for refresh link decryption
- * @param trans_sec transfer secret
- * @param[out] secret_enc encrypted secret
- * @return #GNUNET_OK on success
+ * Header for serializations of coin-specific information about the
+ * fresh coins we generate during a melt.
*/
-int
-TALER_transfer_encrypt (const struct TALER_LinkSecretP *secret,
- const struct TALER_TransferSecretP *trans_sec,
- struct TALER_EncryptedLinkSecretP *secret_enc);
+struct TALER_FreshCoinP
+{
+ /**
+ * Private key of the coin.
+ */
+ struct TALER_CoinSpendPrivateKeyP coin_priv;
-/**
- * Decrypt refresh link information.
- *
- * @param input encrypted refresh link data
- * @param secret shared secret to use for decryption
- * @param[out] output where to write decrypted refresh link
- */
-void
-TALER_refresh_decrypt (const struct TALER_RefreshLinkEncryptedP *input,
- const struct TALER_LinkSecretP *secret,
- struct TALER_RefreshLinkDecryptedP *output);
+ /**
+ * The blinding key.
+ */
+ struct TALER_DenominationBlindingKeyP blinding_key;
+
+};
/**
- * Encrypt refresh link information.
+ * Setup information for a fresh coin, deriving the coin private key
+ * and the blinding factor from the @a secret_seed with a KDF salted
+ * by the @a coin_num_salt.
*
- * @param input plaintext refresh link data
- * @param secret shared secret to use for encryption
- * @param[out] output where to write encrypted refresh link
+ * @param secret_seed seed to use for KDF to derive coin keys
+ * @param coin_num_salt number of the coin to include in KDF
+ * @param[out] fc value to initialize
*/
void
-TALER_refresh_encrypt (const struct TALER_RefreshLinkDecryptedP *input,
- const struct TALER_LinkSecretP *secret,
- struct TALER_RefreshLinkEncryptedP *output);
+TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed,
+ unsigned int coin_num_salt,
+ struct TALER_FreshCoinP *fc);
+
#endif
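Review bot: The doc comment on TALER_link_recover_transfer_secret labels its parameters with the wrong key roles: `@param trans_pub transfer private key` and `@param coin_priv coin public key` should read `@param trans_pub transfer public key` and `@param coin_priv coin private key`. Both new comments also document `@param[out] secret` while the parameter is named `transfer_secret`, and they say "Decrypt" although, per the commit title, the value is now derived from DH rather than decrypted. Separately, both functions return `void`, whereas the link-secret functions removed in this diff returned #GNUNET_OK/#GNUNET_SYSERR. If the underlying ECDH can fail on a malformed public key (the implementation is not visible here), callers cannot detect it and may go on to use an unset `transfer_secret`; keeping an `int` return, or documenting why failure is impossible, would close that gap.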
diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h
index ddc7f7714..0377806f4 100644
--- a/src/include/taler_exchangedb_plugin.h
+++ b/src/include/taler_exchangedb_plugin.h
@@ -445,12 +445,6 @@ struct TALER_EXCHANGEDB_RefreshCommitCoin
{
/**
- * Encrypted data allowing those able to decrypt it to derive
- * the private keys of the new coins created by the refresh.
- */
- struct TALER_RefreshLinkEncryptedP refresh_link;
-
- /**
* Blinded message to be signed (in envelope), with @e coin_env_size bytes.
*/
char *coin_ev;
@@ -474,12 +468,6 @@ struct TALER_EXCHANGEDB_LinkDataList
struct TALER_EXCHANGEDB_LinkDataList *next;
/**
- * Link data, used to recover the private key of the coin
- * by the owner of the old coin.
- */
- struct TALER_RefreshLinkEncryptedP link_data_enc;
-
- /**
* Denomination public key, determines the value of the coin.
*/
struct TALER_DenominationPublicKey denom_pub;
@@ -579,9 +567,9 @@ struct TALER_EXCHANGEDB_MeltCommitment
struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coins[TALER_CNC_KAPPA];
/**
- * Array of #TALER_CNC_KAPPA links.
+ * Array of #TALER_CNC_KAPPA transfer public keys.
*/
- struct TALER_RefreshCommitLinkP commit_links[TALER_CNC_KAPPA];
+ struct TALER_TransferPublicKeyP transfer_pubs[TALER_CNC_KAPPA];
};
@@ -635,8 +623,7 @@ typedef int
typedef void
(*TALER_EXCHANGEDB_TransferDataCallback)(void *cls,
const struct GNUNET_HashCode *session_hash,
- const struct TALER_TransferPublicKeyP *transfer_pub,
- const struct TALER_EncryptedLinkSecretP *shared_secret_enc);
+ const struct TALER_TransferPublicKeyP *transfer_pub);
/**
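Review bot: The doc comment for TALER_EXCHANGEDB_TransferDataCallback sits above this hunk and no hunk in this diff touches it, so it probably still carries an `@param shared_secret_enc` entry for the argument removed here. If so, drop that line so the comment matches the new two-argument-plus-closure signature. It would also help to state there that `transfer_pub` alone is now what the caller uses to recover the transfer secret.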
@@ -1217,15 +1204,15 @@ struct TALER_EXCHANGEDB_Plugin
* @param session database connection to use
* @param session_hash hash to identify refresh session
* @param cnc_index cut and choose index, relating to #TALER_CNC_KAPPA
- * @param link link information to store
+ * @param tp public key to store
* @return #GNUNET_SYSERR on internal error, #GNUNET_OK on success
*/
int
- (*insert_refresh_commit_link) (void *cls,
- struct TALER_EXCHANGEDB_Session *session,
- const struct GNUNET_HashCode *session_hash,
- uint16_t cnc_index,
- const struct TALER_RefreshCommitLinkP *link);
+ (*insert_refresh_transfer_public_key) (void *cls,
+ struct TALER_EXCHANGEDB_Session *session,
+ const struct GNUNET_HashCode *session_hash,
+ uint16_t cnc_index,
+ const struct TALER_TransferPublicKeyP *tp);
/**
* Obtain the commited (encrypted) refresh link data
@@ -1235,17 +1222,17 @@ struct TALER_EXCHANGEDB_Plugin
* @param session database connection to use
* @param session_hash hash to identify refresh session
* @param cnc_index cut and choose index (1st dimension)
- * @param[out] link information to return
+ * @param[out] tp information to return
* @return #GNUNET_SYSERR on internal error,
* #GNUNET_NO if commitment was not found
* #GNUNET_OK on success
*/
int
- (*get_refresh_commit_link) (void *cls,
- struct TALER_EXCHANGEDB_Session *session,
- const struct GNUNET_HashCode *session_hash,
- uint16_t cnc_index,
- struct TALER_RefreshCommitLinkP *link);
+ (*get_refresh_transfer_public_key) (void *cls,
+ struct TALER_EXCHANGEDB_Session *session,
+ const struct GNUNET_HashCode *session_hash,
+ uint16_t cnc_index,
+ struct TALER_TransferPublicKeyP *tp);
/**
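Review bot: The summary line for get_refresh_transfer_public_key is stale. It is visible as trailing context of the previous hunk and still reads `Obtain the commited (encrypted) refresh link data`, while the member now returns a `struct TALER_TransferPublicKeyP`. I would reword it to something like `Obtain the committed transfer public key for the given cut-and-choose index` and tighten the out-parameter line to `@param[out] tp set to the transfer public key`. The rest of the comment lies between the two hunks and is not shown, so it should be checked for further mentions of link data.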
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index 098799538..a4d599cd7 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -878,31 +878,6 @@ struct TALER_ExchangeKeyValidityPS
/**
- * @brief For each (old) coin being melted, we have a `struct
- * RefreshCommitLinkP` that allows the user to find the shared secret
- * to decrypt the respective refresh links for the new coins in the
- * `struct TALER_EXCHANGEDB_RefreshCommitCoin`.
- *
- * Part of the construction of the refresh session's hash and
- * thus of what is signed there.
- */
-struct TALER_RefreshCommitLinkP
-{
- /**
- * Transfer public key, used to decrypt the @e shared_secret_enc
- * in combintation with the corresponding private key of the
- * coin.
- */
- struct TALER_TransferPublicKeyP transfer_pub;
-
- /**
- * Encrypted shared secret to decrypt the link.
- */
- struct TALER_EncryptedLinkSecretP shared_secret_enc;
-};
-
-
-/**
* @brief Information signed by the exchange's master
* key affirming the SEPA details for the exchange.
*/