diff options
| -rw-r--r-- | src/exchange/taler-exchange-httpd_keys.c | 32 | ||||
| -rw-r--r-- | src/include/taler_crypto_lib.h | 29 | ||||
| -rw-r--r-- | src/util/crypto_helper_cs.c | 22 | ||||
| -rw-r--r-- | src/util/taler-exchange-secmod-cs.c | 20 | ||||
| -rw-r--r-- | src/util/taler-exchange-secmod-cs.h | 66 | ||||
| -rw-r--r-- | src/util/taler-exchange-secmod-rsa.h | 6 | ||||
| -rw-r--r-- | src/util/test_helper_cs.c | 28 |
7 files changed, 131 insertions, 72 deletions
diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index b4f4bacfb..52aa9015c 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c @@ -2781,11 +2781,16 @@ TEH_keys_denomination_sign_withdraw ( } case TALER_DENOMINATION_CS: TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++; - return TALER_CRYPTO_helper_cs_sign_withdraw ( - ksh->helpers->csdh, - &hd->h_details.h_cs, - &bp->details.cs_blinded_planchet, - bs); + { + struct TALER_CRYPTO_CsSignRequest csr; + + csr.h_cs = &hd->h_details.h_cs; + csr.blinded_planchet = &bp->details.cs_blinded_planchet; + return TALER_CRYPTO_helper_cs_sign_withdraw ( + ksh->helpers->csdh, + &csr, + bs); + } default: return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; } @@ -2827,12 +2832,17 @@ TEH_keys_denomination_sign_melt ( bs); } case TALER_DENOMINATION_CS: - TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++; - return TALER_CRYPTO_helper_cs_sign_melt ( - ksh->helpers->csdh, - &hd->h_details.h_cs, - &bp->details.cs_blinded_planchet, - bs); + { + struct TALER_CRYPTO_CsSignRequest csr; + + csr.h_cs = &hd->h_details.h_cs; + csr.blinded_planchet = &bp->details.cs_blinded_planchet; + TEH_METRICS_num_signatures[TEH_MT_SIGNATURE_CS]++; + return TALER_CRYPTO_helper_cs_sign_melt ( + ksh->helpers->csdh, + &csr, + bs); + } default: return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; } diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index b0d6cbf28..2f12a47ba 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -2467,6 +2467,23 @@ TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh); /** + * Information about what we should sign over. + */ +struct TALER_CRYPTO_CsSignRequest +{ + /** + * Hash of the CS public key to use to sign. + */ + const struct TALER_CsPubHashP *h_cs; + + /** + * Blinded planchet containing c and the nonce. + */ + const struct TALER_BlindedCsPlanchet *blinded_planchet; +}; + + +/** * Request helper @a dh to sign @a msg using the public key corresponding to * @a h_denom_pub. * @@ -2477,16 +2494,14 @@ TALER_CRYPTO_helper_cs_poll (struct TALER_CRYPTO_CsDenominationHelper *dh); * differences in the signature counters. Retrying in this case may work. * * @param dh helper process connection - * @param h_cs hash of the CS public key to use to sign - * @param blinded_planchet blinded planchet containing c and nonce + * @param req information about the key to sign with and the value to sign * @param[out] bs set to the blind signature * @return #TALER_EC_NONE on success */ enum TALER_ErrorCode TALER_CRYPTO_helper_cs_sign_melt ( struct TALER_CRYPTO_CsDenominationHelper *dh, - const struct TALER_CsPubHashP *h_cs, - const struct TALER_BlindedCsPlanchet *blinded_planchet, + const struct TALER_CRYPTO_CsSignRequest *req, struct TALER_BlindedDenominationSignature *bs); @@ -2501,16 +2516,14 @@ TALER_CRYPTO_helper_cs_sign_melt ( * differences in the signature counters. Retrying in this case may work. * * @param dh helper process connection - * @param h_cs hash of the CS public key to use to sign - * @param blinded_planchet blinded planchet containing c and nonce + * @param req information about the key to sign with and the value to sign * @param[out] bs set to the blind signature * @return #TALER_EC_NONE on success */ enum TALER_ErrorCode TALER_CRYPTO_helper_cs_sign_withdraw ( struct TALER_CRYPTO_CsDenominationHelper *dh, - const struct TALER_CsPubHashP *h_cs, - const struct TALER_BlindedCsPlanchet *blinded_planchet, + const struct TALER_CRYPTO_CsSignRequest *req, struct TALER_BlindedDenominationSignature *bs); diff --git a/src/util/crypto_helper_cs.c b/src/util/crypto_helper_cs.c index e12d5ad61..8b7602c0e 100644 --- a/src/util/crypto_helper_cs.c +++ b/src/util/crypto_helper_cs.c @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2020, 2021 Taler Systems SA + Copyright (C) 2020, 2021, 2022 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -419,9 +419,9 @@ helper_cs_sign ( GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Requesting signature\n"); { - char buf[sizeof (struct TALER_CRYPTO_CsSignRequest)]; - struct TALER_CRYPTO_CsSignRequest *sr - = (struct TALER_CRYPTO_CsSignRequest *) buf; + char buf[sizeof (struct TALER_CRYPTO_CsSignRequestMessage)]; + struct TALER_CRYPTO_CsSignRequestMessage *sr + = (struct TALER_CRYPTO_CsSignRequestMessage *) buf; sr->header.size = htons (sizeof (buf)); sr->header.type = htons (TALER_HELPER_CS_MT_REQ_SIGN); @@ -594,13 +594,12 @@ end: enum TALER_ErrorCode TALER_CRYPTO_helper_cs_sign_melt ( struct TALER_CRYPTO_CsDenominationHelper *dh, - const struct TALER_CsPubHashP *h_cs, - const struct TALER_BlindedCsPlanchet *blinded_planchet, + const struct TALER_CRYPTO_CsSignRequest *req, struct TALER_BlindedDenominationSignature *bs) { return helper_cs_sign (dh, - h_cs, - blinded_planchet, + req->h_cs, + req->blinded_planchet, true, bs); } @@ -609,13 +608,12 @@ TALER_CRYPTO_helper_cs_sign_melt ( enum TALER_ErrorCode TALER_CRYPTO_helper_cs_sign_withdraw ( struct TALER_CRYPTO_CsDenominationHelper *dh, - const struct TALER_CsPubHashP *h_cs, - const struct TALER_BlindedCsPlanchet *blinded_planchet, + const struct TALER_CRYPTO_CsSignRequest *req, struct TALER_BlindedDenominationSignature *bs) { return helper_cs_sign (dh, - h_cs, - blinded_planchet, + req->h_cs, + req->blinded_planchet, false, bs); } diff --git a/src/util/taler-exchange-secmod-cs.c b/src/util/taler-exchange-secmod-cs.c index 01b74868e..176214e34 100644 --- a/src/util/taler-exchange-secmod-cs.c +++ b/src/util/taler-exchange-secmod-cs.c @@ -277,7 +277,7 @@ generate_response (struct DenominationKey *dk) */ static enum GNUNET_GenericReturnValue handle_sign_request (struct TES_Client *client, - const struct TALER_CRYPTO_CsSignRequest *sr) + const struct TALER_CRYPTO_CsSignRequestMessage *sr) { struct DenominationKey *dk; struct GNUNET_CRYPTO_CsRSecret r[2]; @@ -340,20 +340,6 @@ handle_sign_request (struct TES_Client *client, GNUNET_assert (dk->rc > 0); dk->rc--; GNUNET_assert (0 == pthread_mutex_unlock (&keys_lock)); - // if (NULL == cs_answer) - // { - // struct TALER_CRYPTO_SignFailure sf = { - // .header.size = htons (sizeof (sf)), - // .header.type = htons (TALER_HELPER_CS_MT_RES_SIGN_FAILURE), - // .ec = htonl (TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE) - // }; - - // GNUNET_log (GNUNET_ERROR_TYPE_WARNING, - // "Signing request failed, worker failed to produce signature\n"); - // return TES_transmit (client->csock, - // &sf.header); - // } - { struct TALER_CRYPTO_SignResponse *sr; size_t tsize; @@ -651,14 +637,14 @@ cs_work_dispatch (struct TES_Client *client, switch (ntohs (hdr->type)) { case TALER_HELPER_CS_MT_REQ_SIGN: - if (msize < sizeof (struct TALER_CRYPTO_CsSignRequest)) + if (msize < sizeof (struct TALER_CRYPTO_CsSignRequestMessage)) { GNUNET_break_op (0); return GNUNET_SYSERR; } return handle_sign_request ( client, - (const struct TALER_CRYPTO_CsSignRequest *) hdr); + (const struct TALER_CRYPTO_CsSignRequestMessage *) hdr); case TALER_HELPER_CS_MT_REQ_REVOKE: if (msize != sizeof (struct TALER_CRYPTO_CsRevokeRequest)) { diff --git a/src/util/taler-exchange-secmod-cs.h b/src/util/taler-exchange-secmod-cs.h index c71c3b9af..21b1ef4ca 100644 --- a/src/util/taler-exchange-secmod-cs.h +++ b/src/util/taler-exchange-secmod-cs.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2020 Taler Systems SA + Copyright (C) 2020-2022 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -26,17 +26,19 @@ #define TALER_HELPER_CS_MT_PURGE 1 #define TALER_HELPER_CS_MT_AVAIL 2 -#define TALER_HELPER_CS_MT_REQ_INIT 4 +#define TALER_HELPER_CS_MT_REQ_INIT 3 +#define TALER_HELPER_CS_MT_REQ_BATCH_SIGN 4 #define TALER_HELPER_CS_MT_REQ_SIGN 5 #define TALER_HELPER_CS_MT_REQ_REVOKE 6 -#define TALER_HELPER_CS_MT_REQ_RDERIVE 7 +#define TALER_HELPER_CS_MT_REQ_BATCH_RDERIVE 7 +#define TALER_HELPER_CS_MT_REQ_RDERIVE 8 -#define TALER_HELPER_CS_MT_RES_SIGNATURE 8 -#define TALER_HELPER_CS_MT_RES_SIGN_FAILURE 9 -#define TALER_HELPER_CS_MT_RES_RDERIVE 10 -#define TALER_HELPER_CS_MT_RES_RDERIVE_FAILURE 11 +#define TALER_HELPER_CS_MT_RES_SIGNATURE 9 +#define TALER_HELPER_CS_MT_RES_SIGN_FAILURE 10 +#define TALER_HELPER_CS_MT_RES_RDERIVE 11 +#define TALER_HELPER_CS_MT_RES_RDERIVE_FAILURE 12 -#define TALER_HELPER_CS_SYNCED 12 +#define TALER_HELPER_CS_SYNCED 13 GNUNET_NETWORK_STRUCT_BEGIN @@ -114,7 +116,7 @@ struct TALER_CRYPTO_CsKeyPurgeNotification /** * Message sent if a signature is requested. */ -struct TALER_CRYPTO_CsSignRequest +struct TALER_CRYPTO_CsSignRequestMessage { /** * Type is #TALER_HELPER_CS_MT_REQ_SIGN. @@ -139,6 +141,29 @@ struct TALER_CRYPTO_CsSignRequest }; + +/** + * Message sent if a batch of signatures is requested. + */ +struct TALER_CRYPTO_BatchSignRequest +{ + /** + * Type is #TALER_HELPER_CS_MT_REQ_BATCH_SIGN. + */ + struct GNUNET_MessageHeader header; + + /** + * Number of signatures to create, in NBO. + */ + uint32_t batch_size; + + /* + * Followed by @e batch_size batch sign requests. + */ + +}; + + /** * Message sent if a signature is requested. */ @@ -165,6 +190,29 @@ struct TALER_CRYPTO_CsRDeriveRequest struct TALER_CsNonce nonce; }; + +/** + * Message sent if a batch of derivations is requested. + */ +struct TALER_CRYPTO_BatchDeriveRequest +{ + /** + * Type is #TALER_HELPER_RSA_MT_REQ_BATCH_RDERIVE. + */ + struct GNUNET_MessageHeader header; + + /** + * Number of derivations to create, in NBO. + */ + uint32_t batch_size; + + /* + * Followed by @e batch_size derive requests. + */ + +}; + + /** * Message sent if a key was revoked. */ diff --git a/src/util/taler-exchange-secmod-rsa.h b/src/util/taler-exchange-secmod-rsa.h index dddaf3e1c..ffbceb48e 100644 --- a/src/util/taler-exchange-secmod-rsa.h +++ b/src/util/taler-exchange-secmod-rsa.h @@ -1,6 +1,6 @@ /* This file is part of TALER - Copyright (C) 2020 Taler Systems SA + Copyright (C) 2020-2022 Taler Systems SA TALER is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software @@ -136,7 +136,7 @@ struct TALER_CRYPTO_SignRequest /** - * Message sent if a signature is requested. + * Message sent if a batch of signatures is requested. */ struct TALER_CRYPTO_BatchSignRequest { @@ -151,7 +151,7 @@ struct TALER_CRYPTO_BatchSignRequest uint32_t batch_size; /* - * Followed by @e batch_size batch sign requests. + * Followed by @e batch_size sign requests. */ }; diff --git a/src/util/test_helper_cs.c b/src/util/test_helper_cs.c index 566f1d611..1a40fa1ef 100644 --- a/src/util/test_helper_cs.c +++ b/src/util/test_helper_cs.c @@ -423,6 +423,7 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) continue; { struct TALER_PlanchetDetail pd; + struct TALER_CRYPTO_CsSignRequest csr; pd.blinded_planchet.cipher = TALER_DENOMINATION_CS; // keys[i].denom_pub.cipher = TALER_DENOMINATION_CS; @@ -458,11 +459,12 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Requesting signature with key %s\n", GNUNET_h2s (&keys[i].h_cs.hash)); + csr.h_cs = &keys[i].h_cs; + csr.blinded_planchet + = &pd.blinded_planchet.details.cs_blinded_planchet; ec = TALER_CRYPTO_helper_cs_sign_withdraw ( dh, - &keys[i].h_cs, - &pd.blinded_planchet.details. - cs_blinded_planchet, + &csr, &ds); } switch (ec) @@ -544,6 +546,7 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) { struct TALER_PlanchetDetail pd; struct TALER_CsPubHashP rnd; + struct TALER_CRYPTO_CsSignRequest csr; GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, &rnd, @@ -557,11 +560,12 @@ test_signing (struct TALER_CRYPTO_CsDenominationHelper *dh) NULL, /* no age commitment */ &c_hash, &pd)); - + csr.h_cs = &rnd; + csr.blinded_planchet + = &pd.blinded_planchet.details.cs_blinded_planchet; ec = TALER_CRYPTO_helper_cs_sign_withdraw ( dh, - &rnd, - &pd.blinded_planchet.details.cs_blinded_planchet, + &csr, &ds); if (TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN != ec) { @@ -627,9 +631,7 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh, ec = TALER_CRYPTO_helper_cs_r_derive_melt ( dh, &keys[i].h_cs, - &pd.blinded_planchet. - details. - cs_blinded_planchet.nonce, + &pd.blinded_planchet.details.cs_blinded_planchet.nonce, &alg_values.details.cs_values); if (TALER_EC_NONE != ec) continue; @@ -652,12 +654,14 @@ perf_signing (struct TALER_CRYPTO_CsDenominationHelper *dh, { struct GNUNET_TIME_Absolute start = GNUNET_TIME_absolute_get (); struct GNUNET_TIME_Relative delay; + struct TALER_CRYPTO_CsSignRequest csr; + csr.h_cs = &keys[i].h_cs; + csr.blinded_planchet + = &pd.blinded_planchet.details.cs_blinded_planchet; ec = TALER_CRYPTO_helper_cs_sign_melt ( dh, - &keys[i].h_cs, - &pd.blinded_planchet.details. - cs_blinded_planchet, + &csr, &ds); if (TALER_EC_NONE != ec) break; |