author | Christian Grothoff <christian@grothoff.org> | 2023-10-28 01:50:26 +0200 |
---|---|---|
committer | Christian Grothoff <christian@grothoff.org> | 2023-10-28 01:50:26 +0200 |
commit | 9c730063ee7f622a4908f7d78f618a3e24040fb2 (patch) | |
tree | c5eb08649fc379e3d2fe80ce0314344b26f4bfdc /src | |
parent | c381004e5dadbe528b56683bfe4ad3f29251d833 (diff) | |
new blind signature logic bug fixes
Diffstat (limited to 'src')
-rw-r--r-- | src/include/taler_crypto_lib.h | 22 | ||||
-rw-r--r-- | src/lib/exchange_api_melt.c | 15 | ||||
-rw-r--r-- | src/lib/exchange_api_refresh_common.c | 14 | ||||
-rw-r--r-- | src/lib/exchange_api_refreshes_reveal.c | 13 | ||||
-rw-r--r-- | src/testing/testing_api_cmd_refresh.c | 21 | ||||
-rw-r--r-- | src/util/crypto_helper_rsa.c | 1 | ||||
-rw-r--r-- | src/util/denom.c | 39 |
7 files changed, 104 insertions, 21 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 82d737004..7ea44189c 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1352,6 +1352,19 @@ TALER_denom_ewv_rsa_singleton (void);
 
 
 /**
+ * Make a (deep) copy of the given @a bi_src to
+ * @a bi_dst.
+ *
+ * @param[out] bi_dst target to copy to
+ * @param bi_src blinding input values to copy
+ */
+void
+TALER_denom_ewv_deep_copy (
+ struct TALER_ExchangeWithdrawValues *bi_dst,
+ const struct TALER_ExchangeWithdrawValues *bi_src);
+
+
+/**
  * Create private key for a Taler coin.
  * @param ps planchet secret to derive coin priv key
  * @param alg_values includes algorithm specific values
@@ -1421,6 +1434,15 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
 
 
 /**
+ * Free internals of @a ewv, but not @a ewv itself.
+ *
+ * @param[in] ewv input values to free
+ */
+void
+TALER_denom_ewv_free (struct TALER_ExchangeWithdrawValues *ewv);
+
+
+/**
  * Free internals of @a denom_priv, but not @a denom_priv itself.
  *
  * @param[in] denom_priv key to free
diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c
index 906772767..24b064476 100644
--- a/src/lib/exchange_api_melt.c
+++ b/src/lib/exchange_api_melt.c
@@ -308,7 +308,13 @@ start_melt (struct TALER_EXCHANGE_MeltHandle *mh)
 struct TALER_ExchangeWithdrawValues alg_values[mh->rd->fresh_pks_len];
 
 for (unsigned int i = 0; i<mh->rd->fresh_pks_len; i++)
- alg_values[i] = mh->mbds[i].alg_value;
+ {
+ if (GNUNET_CRYPTO_BSA_RSA ==
+ mh->rd->fresh_pks[i].key.bsign_pub_key->cipher)
+ alg_values[i] = *TALER_denom_ewv_rsa_singleton ();
+ else
+ alg_values[i] = mh->mbds[i].alg_value;
+ }
 if (GNUNET_OK !=
 TALER_EXCHANGE_get_melt_data_ (&mh->rms,
 mh->rd,
@@ -470,7 +476,8 @@ csr_cb (void *cls,
 case GNUNET_CRYPTO_BSA_RSA:
 break;
 case GNUNET_CRYPTO_BSA_CS:
- *wv = csrr->details.ok.alg_values[nks_off];
+ TALER_denom_ewv_deep_copy (wv,
+ &csrr->details.ok.alg_values[nks_off]);
 nks_off++;
 break;
 }
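Review bot: The doc comment on TALER_denom_ewv_deep_copy promises a "(deep) copy" but says nothing about what the caller then owns or how to release it; the denom.c implementation in this same commit takes a reference on bi_src->blinding_inputs rather than duplicating it, so bi_dst shares the object and must be released with TALER_denom_ewv_free. I would state the contract in the header, e.g. `@param[out] bi_dst target to copy to; caller must release it with TALER_denom_ewv_free()`. It would also help to note that bi_dst is overwritten without being freed first, so passing a bi_dst that already holds a reference leaks that reference.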
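Review bot: The comment on TALER_denom_ewv_free should spell out its idempotence and singleton handling, because the callers added in this commit (TALER_EXCHANGE_melt_cancel, melt_cleanup) run it over arrays whose entries may be zero-initialized or may alias the RSA singleton. A suggested addition is ` * Safe to call on a zeroed struct and on values obtained from TALER_denom_ewv_rsa_singleton(); sets ewv->blinding_inputs to NULL so a second call is a no-op.` Those properties follow from the denom.c implementation in this commit, and writing them down here makes them a contract rather than an accident of the current code.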
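Review bot: The RSA special case in the loop of start_melt is redundant with the change this commit makes in TALER_EXCHANGE_melt, which now stores a copy of the RSA singleton into mh->mbds[i].alg_value, so the else branch would yield the same value for RSA. Keeping both paths means two places must agree on what an RSA alg_value is; either drop the branch or add a comment such as `/* RSA has no per-coin inputs; always use the singleton regardless of mbds */` so the next reader knows it is deliberate. The branch also dereferences mh->rd->fresh_pks[i].key.bsign_pub_key without a NULL check, whereas TALER_EXCHANGE_get_melt_data_ only asserts non-NULL after its own deep copy; if rd can arrive with a NULL key this crashes before that assert fires. start_melt continues outside the hunk.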
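Review bot: The deep copy on the CS branch of csr_cb indexes csrr->details.ok.alg_values[nks_off] with data that came back from the exchange, and nothing in the hunk bounds nks_off against the number of alg_values actually received; unless the response parser already guarantees that this count equals the number of CS denominations requested, a short or malformed response turns this into a server-driven out-of-bounds read. A GNUNET_assert comparing nks_off with the received count immediately before the copy would make that invariant explicit in the client. The copy also overwrites *wv without releasing any earlier value, which is fine only if csr_cb runs once per handle and is worth a one-line comment. The enclosing function starts outside the hunk.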
@@ -528,6 +535,8 @@ TALER_EXCHANGE_melt (
 GNUNET_free (mh);
 return NULL;
 case GNUNET_CRYPTO_BSA_RSA:
+ TALER_denom_ewv_deep_copy (&mh->mbds[i].alg_value,
+ TALER_denom_ewv_rsa_singleton ());
 break;
 case GNUNET_CRYPTO_BSA_CS:
 nks[nks_off].pk = fresh_pk;
@@ -568,6 +577,8 @@ TALER_EXCHANGE_melt (
 void
 TALER_EXCHANGE_melt_cancel (struct TALER_EXCHANGE_MeltHandle *mh)
 {
+ for (unsigned int i = 0; i<mh->rd->fresh_pks_len; i++)
+ TALER_denom_ewv_free (&mh->mbds[i].alg_value);
 if (NULL != mh->job)
 {
 GNUNET_CURL_job_cancel (mh->job);
diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c
index 2e92807b3..652581d8e 100644
--- a/src/lib/exchange_api_refresh_common.c
+++ b/src/lib/exchange_api_refresh_common.c
@@ -102,6 +102,13 @@ TALER_EXCHANGE_get_melt_data_ (
 TALER_denom_pub_deep_copy (&fcd->fresh_pk,
 &rd->fresh_pks[j].key);
 GNUNET_assert (NULL != fcd->fresh_pk.bsign_pub_key);
+ if (alg_values[j].blinding_inputs->cipher !=
+ fcd->fresh_pk.bsign_pub_key->cipher)
+ {
+ GNUNET_break (0);
+ TALER_EXCHANGE_free_melt_data_ (md);
+ return GNUNET_SYSERR;
+ }
 switch (fcd->fresh_pk.bsign_pub_key->cipher)
 {
 case GNUNET_CRYPTO_BSA_INVALID:
@@ -111,13 +118,6 @@ TALER_EXCHANGE_get_melt_data_ (
 case GNUNET_CRYPTO_BSA_RSA:
 break;
 case GNUNET_CRYPTO_BSA_CS:
- if (alg_values[j].blinding_inputs->cipher !=
- fcd->fresh_pk.bsign_pub_key->cipher)
- {
- GNUNET_break (0);
- TALER_EXCHANGE_free_melt_data_ (md);
- return GNUNET_SYSERR;
- }
 uses_cs = true;
 TALER_cs_refresh_nonce_derive (rms,
 j,
diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c
index a4ea47763..9161ac3df 100644
--- a/src/lib/exchange_api_refreshes_reveal.c
+++ b/src/lib/exchange_api_refreshes_reveal.c
@@ -420,6 +420,7 @@ TALER_EXCHANGE_refreshes_reveal (
 for (size_t i = 0; i < rd->melt_age_commitment_proof->commitment.num; i++)
 {
 enum GNUNET_GenericReturnValue ret;
+
 ret = json_array_append_new (
 old_age_commitment,
 GNUNET_JSON_from_data_auto (
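Review bot: The early-return path visible three lines above the new copy (`GNUNET_free (mh); return NULL;` for an invalid cipher) bypasses the cleanup this commit adds to TALER_EXCHANGE_melt_cancel, so alg_value entries already copied in earlier iterations of this loop are not released. Today that is harmless because only the RSA singleton copy exists before that point and TALER_denom_ewv_free treats it as a no-op, but it becomes a real leak the moment another reference-counted value is copied inside this loop. Routing the error exit through TALER_EXCHANGE_melt_cancel, or through a common cleanup label that runs the same release loop, keeps one definition of "what a handle owns". TALER_EXCHANGE_melt continues outside the hunk.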
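Review bot: TALER_EXCHANGE_melt_cancel now reads mh->rd->fresh_pks_len to size the release loop, which ties the handle's teardown to the caller-owned refresh data rd still being valid at cancel time; that is an ownership constraint the public API comment should state, e.g. `rd must remain valid until TALER_EXCHANGE_melt_cancel() has been called`. Caching the count in the handle when it is created would remove the dependency on rd entirely. I am inferring that rd is borrowed rather than copied from the pointer access here; the rest of the function is outside the hunk.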
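Review bot: The hoisted mismatch check in TALER_EXCHANGE_get_melt_data_ dereferences alg_values[j].blinding_inputs unconditionally, so a zero-initialized TALER_ExchangeWithdrawValues — which is what TALER_denom_ewv_free leaves behind and what a fresh GNUNET_new_array entry contains — crashes here instead of producing the GNUNET_SYSERR the check is meant to deliver. Extending the condition to `if ((NULL == alg_values[j].blinding_inputs) || (alg_values[j].blinding_inputs->cipher != fcd->fresh_pk.bsign_pub_key->cipher))` keeps the failure on the reported path. Because the check now runs for RSA too, every RSA caller must have populated the singleton; this commit does that for TALER_EXCHANGE_melt, but other callers of this function are not visible here. The function continues outside the hunk.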
@@ -470,9 +471,13 @@ TALER_EXCHANGE_refreshes_reveal (
 rrh->reveal_cb_cls = reveal_cb_cls;
 rrh->md = md;
 rrh->alg_values
- = GNUNET_memdup (alg_values,
- md.num_fresh_coins
- * sizeof (struct TALER_ExchangeWithdrawValues));
+ = GNUNET_new_array (md.num_fresh_coins,
+ struct TALER_ExchangeWithdrawValues);
+ for (unsigned int i = 0; i<md.num_fresh_coins; i++)
+ {
+ TALER_denom_ewv_deep_copy (&rrh->alg_values[i],
+ &alg_values[i]);
+ }
 rrh->url = TALER_url_join (url,
 arg_str,
 NULL);
@@ -521,6 +526,8 @@ TALER_EXCHANGE_refreshes_reveal_cancel (
 GNUNET_CURL_job_cancel (rrh->job);
 rrh->job = NULL;
 }
+ for (unsigned int i = 0; i<rrh->md.num_fresh_coins; i++)
+ TALER_denom_ewv_free (&rrh->alg_values[i]);
 GNUNET_free (rrh->alg_values);
 GNUNET_free (rrh->url);
 TALER_curl_easy_post_finished (&rrh->ctx);
diff --git a/src/testing/testing_api_cmd_refresh.c b/src/testing/testing_api_cmd_refresh.c
index ac1a8559e..c5e20f2ad 100644
--- a/src/testing/testing_api_cmd_refresh.c
+++ b/src/testing/testing_api_cmd_refresh.c
@@ -964,10 +964,12 @@ melt_cb (void *cls,
 return;
 }
 GNUNET_free (rms->mbds);
- rms->mbds = GNUNET_memdup (mr->details.ok.mbds,
- mr->details.ok.num_mbds
- * sizeof (struct
- TALER_EXCHANGE_MeltBlindingDetail));
+ rms->mbds = GNUNET_new_array (
+ mr->details.ok.num_mbds,
+ struct TALER_EXCHANGE_MeltBlindingDetail);
+ for (unsigned int i = 0; i<mr->details.ok.num_mbds; i++)
+ TALER_denom_ewv_deep_copy (&rms->mbds[i].alg_value,
+ &mr->details.ok.mbds[i].alg_value);
 }
 if (0 != rms->total_backoff.rel_value_us)
 {
@@ -1059,7 +1061,6 @@ melt_run (void *cls,
 TALER_TESTING_interpreter_fail (rms->is);
 return;
 }
-
 if (GNUNET_OK !=
 TALER_TESTING_get_trait_age_commitment_proof (coin_command,
 0,
@@ -1079,7 +1080,6 @@ melt_run (void *cls,
 TALER_TESTING_interpreter_fail (rms->is);
 return;
 }
-
 if (GNUNET_OK !=
 TALER_TESTING_get_trait_denom_sig (coin_command,
 0,
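Review bot: rrh->alg_values now holds one reference per fresh coin, so every failure exit between this loop and the point where the job is started — the `TALER_url_join` right below, if it can fail, being the first candidate — has to release those references, and a plain `GNUNET_free (rrh)` on such a path would now leak them. The hunk does not show how those exits clean up; funnelling them through TALER_EXCHANGE_refreshes_reveal_cancel, which this commit extends with the matching release loop, avoids a second copy of the logic. The loop also trusts that the caller's alg_values array has at least md.num_fresh_coins entries, which the function's doc comment (outside the hunk) should state. TALER_EXCHANGE_refreshes_reveal continues beyond this hunk.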
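Review bot: `GNUNET_free (rms->mbds);` on the context line just above the new allocation discards a previous array without calling TALER_denom_ewv_free on its entries, so if melt_cb can run more than once for the same command — the retry/backoff logic immediately below suggests it can — the references taken by the earlier copy loop leak. Mirror the release loop this commit adds to melt_cleanup before that free. Separately, the old GNUNET_memdup copied whole TALER_EXCHANGE_MeltBlindingDetail structs while the new loop copies only alg_value; if the struct has any other member this silently drops it, and if alg_value is its only member a short comment saying so would save the next reader the lookup.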
@@ -1089,7 +1089,6 @@ melt_run (void *cls,
 TALER_TESTING_interpreter_fail (rms->is);
 return;
 }
-
 if (GNUNET_OK !=
 TALER_TESTING_get_trait_denom_pub (coin_command,
 0,
@@ -1217,8 +1216,12 @@ melt_cleanup (void *cls,
 TALER_denom_pub_free (&rms->fresh_pks[i].key);
 GNUNET_free (rms->fresh_pks);
 }
-
- GNUNET_free (rms->mbds);
+ if (NULL != rms->mbds)
+ {
+ for (unsigned int i = 0; i < rms->num_fresh_coins; i++)
+ TALER_denom_ewv_free (&rms->mbds[i].alg_value);
+ GNUNET_free (rms->mbds);
+ }
 GNUNET_free (rms->melt_fresh_amounts);
 GNUNET_free (rms);
 }
diff --git a/src/util/crypto_helper_rsa.c b/src/util/crypto_helper_rsa.c
index 7dd584aaf..58ed5a375 100644
--- a/src/util/crypto_helper_rsa.c
+++ b/src/util/crypto_helper_rsa.c
@@ -776,6 +776,7 @@ more:
 wpos);
 blind_sig = GNUNET_new (struct GNUNET_CRYPTO_BlindedSignature);
 blind_sig->cipher = GNUNET_CRYPTO_BSA_RSA;
+ blind_sig->rc = 1;
 blind_sig->details.blinded_rsa_signature = rsa_signature;
 bss[wpos].blinded_sig = blind_sig;
 wpos++;
diff --git a/src/util/denom.c b/src/util/denom.c
index 50f191b2a..7d24104b7 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -31,6 +31,12 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
 enum GNUNET_GenericReturnValue ret;
 va_list ap;
 
+ memset (denom_pub,
+ 0,
+ sizeof (*denom_pub));
+ memset (denom_priv,
+ 0,
+ sizeof (*denom_priv));
 va_start (ap, cipher);
 ret = GNUNET_CRYPTO_blind_sign_keys_create_va (
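Review bot: The release loop in melt_cleanup iterates rms->num_fresh_coins, but the array it walks is allocated in melt_cb with mr->details.ok.num_mbds entries; the two counts are set in different places, and if they ever disagree this either reads past the array or leaves references unreleased. Either store the count next to the array when it is allocated (e.g. a `rms->num_mbds` field) and loop over that here, or assert the equality at the point where the array is filled. The NULL guard around the loop is the right shape, since it lets cleanup run on a command that never reached melt_cb.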
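Review bot: Setting `blind_sig->rc = 1;` gives the freshly allocated signature the single reference its holder in bss[wpos] expects, but a hand-initialised refcount sitting next to GNUNET_new is exactly the line that gets forgotten in the next copy of this code; a comment such as `/* one reference, owned by bss[wpos]; dropped by the consumer's decref */` would document why it is there. It is also worth checking that the CS helper's equivalent allocation and any other `GNUNET_new (struct GNUNET_CRYPTO_BlindedSignature)` in the tree initialise rc the same way, or that the library offers a constructor that does. I am inferring the decref semantics from the field name; the enclosing loop starts and ends outside the hunk.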
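Review bot: Zeroing both output structs on entry to TALER_denom_priv_create means a caller sees NULL key pointers when GNUNET_CRYPTO_blind_sign_keys_create_va fails, which is what makes an unconditional TALER_denom_priv_free/TALER_denom_pub_free on the error path safe; that guarantee is the point of the change and belongs in the function's doc comment (outside the hunk), e.g. `@param[out] denom_priv zeroed on entry, so it may be freed even if this function fails`. Writing `*denom_pub = (struct TALER_DenominationPublicKey) { 0 };` would express the same intent with less ceremony than two three-line memset calls, though that is a matter of taste. To be clear for future readers, this memset is pre-initialisation of output storage, not erasure of secret material, so no explicit_bzero is needed here.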
@@ -227,6 +233,39 @@ TALER_blinded_denom_sig_free (
 
 
 void
+TALER_denom_ewv_free (struct TALER_ExchangeWithdrawValues *ewv)
+{
+ if (ewv == TALER_denom_ewv_rsa_singleton ())
+ return;
+ if (ewv->blinding_inputs ==
+ TALER_denom_ewv_rsa_singleton ()->blinding_inputs)
+ {
+ ewv->blinding_inputs = NULL;
+ return;
+ }
+ if (NULL != ewv->blinding_inputs)
+ {
+ GNUNET_CRYPTO_blinding_input_values_decref (ewv->blinding_inputs);
+ ewv->blinding_inputs = NULL;
+ }
+}
+
+
+void
+TALER_denom_ewv_deep_copy (struct TALER_ExchangeWithdrawValues *bi_dst,
+ const struct TALER_ExchangeWithdrawValues *bi_src)
+{
+ if (bi_src == TALER_denom_ewv_rsa_singleton ())
+ {
+ *bi_dst = *bi_src;
+ return;
+ }
+ bi_dst->blinding_inputs
+ = GNUNET_CRYPTO_blinding_input_values_incref (bi_src->blinding_inputs);
+}
+
+
+void
 TALER_denom_pub_deep_copy (struct TALER_DenominationPublicKey *denom_dst,
 const struct TALER_DenominationPublicKey *denom_src)
 { |
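Review bot: TALER_denom_ewv_free and TALER_denom_ewv_deep_copy use different tests for "this is the RSA singleton": free compares ewv->blinding_inputs against the singleton's blinding_inputs, while deep_copy only compares the struct pointer bi_src against the singleton itself. A value produced by `*bi_dst = *bi_src` (or by the struct assignment in start_melt) is a non-singleton struct that aliases the singleton's blinding_inputs; deep-copying it again — which this commit does in melt_cb on mbds obtained from TALER_EXCHANGE_melt — increfs the singleton's inputs, and the matching free then returns early without a decref, so the singleton's count only ever grows. Make the two agree by widening the early-out in deep_copy to `if ((bi_src == TALER_denom_ewv_rsa_singleton ()) || (bi_src->blinding_inputs == TALER_denom_ewv_rsa_singleton ()->blinding_inputs))` before the struct assignment. deep_copy also hands bi_src->blinding_inputs to GNUNET_CRYPTO_blinding_input_values_incref unchecked while free tolerates NULL; either guard it or state in a comment that a NULL source is a caller bug.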