-rw-r--r--src/include/taler_signatures.h11
-rw-r--r--src/mint/plugin_mintdb_postgres.c4
-rw-r--r--src/mint/taler-mint-httpd.h6
-rw-r--r--src/mint/taler-mint-httpd_db.c26
-rw-r--r--src/mint/taler-mint-httpd_db.h8
-rw-r--r--src/mint/taler-mint-httpd_refresh.c78
-rw-r--r--src/mint/taler_mintdb_plugin.h15
7 files changed, 69 insertions, 79 deletions
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index b8fe8a7b7..3ad97a577 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -31,6 +31,17 @@
#include "taler_util.h"
/**
+ * Cut-and-choose size for refreshing. Client looses the gamble (of
+ * unaccountable transfers) with probability 1/KAPPA. Refresh cost
+ * increases linearly with KAPPA, and 3 is sufficient up to a
+ * income/sales tax of 66% of total transaction value. As there is
+ * no good reason to change this security parameter, we declare it
+ * fixed and part of the protocol.
+ */
+#define KAPPA 3
+
+
+/**
* Purpose for signing public keys signed
* by the mint master key.
*/
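Review bot: `KAPPA` is an unprefixed macro in a header under src/include, so every file that includes taler_signatures.h now gets a very short global name that can collide with other definitions. A prefixed name such as `#define TALER_CNC_KAPPA 3` would be safer for a protocol constant. The new comment also has a typo: "looses" should be "loses".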
diff --git a/src/mint/plugin_mintdb_postgres.c b/src/mint/plugin_mintdb_postgres.c
index 1c6851d86..5a1ff8c0c 100644
--- a/src/mint/plugin_mintdb_postgres.c
+++ b/src/mint/plugin_mintdb_postgres.c
@@ -247,7 +247,7 @@ postgres_create_tables (void *cls,
// index of the old coin in the customer's request
",oldcoin_index INT2 NOT NULL"
// index for cut and choose,
- // ranges from 0 to kappa-1
+ // ranges from 0 to #KAPPA-1
",cnc_index INT2 NOT NULL"
")");
SQLEXEC("CREATE TABLE IF NOT EXISTS refresh_commit_coin"
@@ -1486,7 +1486,6 @@ postgres_get_refresh_session (void *cls,
struct TALER_DB_ResultSpec rs[] = {
TALER_DB_RESULT_SPEC("num_oldcoins", &refresh_session->num_oldcoins),
TALER_DB_RESULT_SPEC("num_newcoins", &refresh_session->num_newcoins),
- TALER_DB_RESULT_SPEC("kappa", &refresh_session->kappa),
TALER_DB_RESULT_SPEC("noreveal_index", &refresh_session->noreveal_index),
TALER_DB_RESULT_SPEC_END
};
@@ -1502,7 +1501,6 @@ postgres_get_refresh_session (void *cls,
refresh_session->num_oldcoins = ntohs (refresh_session->num_oldcoins);
refresh_session->num_newcoins = ntohs (refresh_session->num_newcoins);
- refresh_session->kappa = ntohs (refresh_session->kappa);
refresh_session->noreveal_index = ntohs (refresh_session->noreveal_index);
PQclear (result);
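Review bot: Nothing ties the stored `noreveal_index` to the compile-time `KAPPA` any more, so a row written under a different cut-and-choose size, or a damaged row, is returned unchanged. The `i == refresh_session.noreveal_index` test in TALER_MINT_db_execute_refresh_reveal would then never match and the out-of-range index would be used as the unrevealed set. A range check after the `ntohs` conversion would catch this, e.g. `if (refresh_session->noreveal_index >= KAPPA) { GNUNET_break (0); PQclear (result); return GNUNET_SYSERR; }`. The function's return convention is outside the hunk, so adjust the value to match. The query text and table definition are not shown either; if they still carry a `kappa` column, it should be dropped or marked unused.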
diff --git a/src/mint/taler-mint-httpd.h b/src/mint/taler-mint-httpd.h
index 36d150bbc..50b745703 100644
--- a/src/mint/taler-mint-httpd.h
+++ b/src/mint/taler-mint-httpd.h
@@ -26,12 +26,6 @@
#include <microhttpd.h>
/**
- * Cut-and-choose size for refreshing.
- * FIXME: maybe make it a config option?
- */
-#define KAPPA 3
-
-/**
* For now, we just do EUR. Should become configurable
* in the future!
*/
diff --git a/src/mint/taler-mint-httpd_db.c b/src/mint/taler-mint-httpd_db.c
index c18936e1f..17f44c9c9 100644
--- a/src/mint/taler-mint-httpd_db.c
+++ b/src/mint/taler-mint-httpd_db.c
@@ -591,12 +591,13 @@ refresh_accept_melts (struct MHD_Connection *connection,
* @param coin_count number of entries in @a coin_public_infos and @a coin_melt_details, size of y-dimension of @commit_link array
* @param coin_public_infos information about the coins to melt
* @param coin_melt_details signatures and (residual) value of the respective coin should be melted
- * @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param commit_coin 2d array of coin commitments (what the mint is to sign
- * once the "/refres/reveal" of cut and choose is done)
+ * once the "/refres/reveal" of cut and choose is done),
+ * x-dimension must be #KAPPA
* @param commit_link 2d array of coin link commitments (what the mint is
* to return via "/refresh/link" to enable linkage in the
* future)
+ * x-dimension must be #KAPPA
* @return MHD result code
*/
int
@@ -607,7 +608,6 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
unsigned int coin_count,
const struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details,
- unsigned int kappa,
struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link)
{
@@ -684,7 +684,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
return TALER_MINT_reply_internal_db_error (connection);
}
- for (i = 0; i < kappa; i++)
+ for (i = 0; i < KAPPA; i++)
{
if (GNUNET_OK !=
plugin->insert_refresh_commit_coins (plugin->cls,
@@ -699,7 +699,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
return TALER_MINT_reply_internal_db_error (connection);
}
}
- for (i = 0; i < kappa; i++)
+ for (i = 0; i < KAPPA; i++)
{
if (GNUNET_OK !=
plugin->insert_refresh_commit_links (plugin->cls,
@@ -719,10 +719,9 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
/* store 'global' session data */
refresh_session.num_oldcoins = coin_count;
refresh_session.num_newcoins = num_new_denoms;
- refresh_session.kappa = KAPPA; // FIXME... (#3711)
refresh_session.noreveal_index
= GNUNET_CRYPTO_random_u32 (GNUNET_CRYPTO_QUALITY_STRONG,
- refresh_session.kappa);
+ KAPPA);
if (GNUNET_OK !=
(res = plugin->create_refresh_session (plugin->cls,
session,
@@ -753,7 +752,7 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
* Check if the given @a transfer_privs correspond to an honest
* commitment for the given session.
* Checks that the transfer private keys match their commitments.
- * Then derives the shared secret for each kappa, and check that they match.
+ * Then derives the shared secret for each #KAPPA, and check that they match.
*
* @param connection the MHD connection to handle
* @param session database connection to use
@@ -946,7 +945,7 @@ check_commitment (struct MHD_Connection *connection,
buf_len)) )
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
- "blind envelope does not match for kappa=%u, old=%d\n",
+ "blind envelope does not match for k=%u, old=%d\n",
off,
(int) j);
/* FIXME: return more specific error with original signature (#3712) */
@@ -1025,22 +1024,21 @@ refresh_mint_coin (struct MHD_Connection *connection,
/**
* Execute a "/refresh/reveal". The client is revealing to us the
- * transfer keys for @a kappa-1 sets of coins. Verify that the
+ * transfer keys for @a #KAPPA-1 sets of coins. Verify that the
* revealed transfer keys would allow linkage to the blinded coins,
* and if so, return the signed coins for corresponding to the set of
* coins that was not chosen.
*
* @param connection the MHD connection to handle
* @param session_hash hash identifying the refresh session
- * @param kappa size of x-dimension of @transfer_privs array plus one (!)
* @param num_oldcoins size of y-dimension of @transfer_privs array
- * @param transfer_pubs array with the revealed transfer keys
+ * @param transfer_pubs array with the revealed transfer keys,
+ * x-dimension must be #KAPPA - 1
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash,
- unsigned int kappa,
unsigned int num_oldcoins,
struct TALER_TransferPrivateKey **transfer_privs)
{
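Review bot: The doc comment still documents `@param transfer_pubs`, but the parameter is `transfer_privs`, and the two copies of this comment now disagree on its size. This file says "x-dimension must be #KAPPA - 1", while the matching hunk in taler-mint-httpd_db.h says "#KAPPA is 1st-dimension". The loop below runs to `KAPPA - 1`, so both should read `@param transfer_privs array with the revealed transfer keys, x-dimension must be #KAPPA - 1`. The first sentence also mixes `@a` with `#KAPPA-1`; the header's form without `@a` is the right one. The function body continues outside the hunk.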
@@ -1112,7 +1110,7 @@ TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
off = 0;
- for (i=0;i<refresh_session.kappa - 1;i++)
+ for (i=0;i<KAPPA - 1;i++)
{
if (i == refresh_session.noreveal_index)
off = 1;
diff --git a/src/mint/taler-mint-httpd_db.h b/src/mint/taler-mint-httpd_db.h
index ed96bbd4b..b2061850c 100644
--- a/src/mint/taler-mint-httpd_db.h
+++ b/src/mint/taler-mint-httpd_db.h
@@ -113,7 +113,6 @@ struct MeltDetails
* @param coin_count number of entries in @a coin_public_infos and @ a coin_melt_details, size of y-dimension of @commit_link array
* @param coin_public_infos information about the coins to melt
* @param coin_melt_details signatures and (residual) value of the respective coin should be melted
- * @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* @param commit_link 2d array of coin link commitments (what the mint is
@@ -129,29 +128,26 @@ TALER_MINT_db_execute_refresh_melt (struct MHD_Connection *connection,
unsigned int coin_count,
const struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details,
- unsigned int kappa,
struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link);
/**
* Execute a "/refresh/reveal". The client is revealing to us the
- * transfer keys for @a kappa-1 sets of coins. Verify that the
+ * transfer keys for #KAPPA-1 sets of coins. Verify that the
* revealed transfer keys would allow linkage to the blinded coins,
* and if so, return the signed coins for corresponding to the set of
* coins that was not chosen.
*
* @param connection the MHD connection to handle
* @param session_hash hash over the refresh session
- * @param kappa size of x-dimension of @transfer_privs array plus one (!)
* @param num_oldcoins size of y-dimension of @transfer_privs array
- * @param transfer_pubs array with the revealed transfer keys
+ * @param transfer_pubs array with the revealed transfer keys, #KAPPA is 1st-dimension
* @return MHD result code
*/
int
TALER_MINT_db_execute_refresh_reveal (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash,
- unsigned int kappa,
unsigned int num_oldcoins,
struct TALER_TransferPrivateKey **transfer_privs);
diff --git a/src/mint/taler-mint-httpd_refresh.c b/src/mint/taler-mint-httpd_refresh.c
index 6575f02c9..5fc8fd5b0 100644
--- a/src/mint/taler-mint-httpd_refresh.c
+++ b/src/mint/taler-mint-httpd_refresh.c
@@ -47,7 +47,6 @@
* @param coin_melt_details array with @a coin_count entries with melting details
* @param session_hash hash over the data that the client commits to
* @param commit_client_sig signature of the client over this commitment
- * @param kappa size of x-dimension of @commit_coin and @commit_link arrays
* @param commit_coin 2d array of coin commitments (what the mint is to sign
* once the "/refres/reveal" of cut and choose is done)
* @param commit_link 2d array of coin link commitments (what the mint is
@@ -63,7 +62,6 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
struct TALER_CoinPublicInfo *coin_public_infos,
const struct MeltDetails *coin_melt_details,
const struct GNUNET_HashCode *session_hash,
- unsigned int kappa,
struct RefreshCommitCoin *const* commit_coin,
struct RefreshCommitLink *const* commit_link)
@@ -155,7 +153,6 @@ handle_refresh_melt_binary (struct MHD_Connection *connection,
coin_count,
coin_public_infos,
coin_melt_details,
- kappa,
commit_coin,
commit_link);
}
@@ -359,13 +356,12 @@ free_commit_links (struct RefreshCommitLink **commit_link,
* @param melt_coins array of coins to melt
* @param melt_sig_json signature affirming the melt operation
* @param commit_signature signature over the commit
- * @param kappa security parameter for cut and choose
* @param num_oldcoins number of coins that are being melted
- * @param transfer_pubs @a kappa-dimensional array of @a num_oldcoins transfer keys
- * @param secret_encs @a kappa-dimensional array of @a num_oldcoins secrets
+ * @param transfer_pubs #KAPPA-dimensional array of @a num_oldcoins transfer keys
+ * @param secret_encs #KAPPA-dimensional array of @a num_oldcoins secrets
* @param num_newcoins number of coins that the refresh will generate
- * @param coin_envs @a kappa-dimensional array of @a num_newcoins envelopes to sign
- * @param link_encs @a kappa-dimensional array of @a num_newcoins encrypted links
+ * @param coin_envs #KAPPA-dimensional array of @a num_newcoins envelopes to sign
+ * @param link_encs #KAPPA-dimensional array of @a num_newcoins encrypted links
* @return MHD result code
*/
static int
@@ -374,7 +370,6 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
const json_t *melt_coins,
const json_t *melt_sig_json,
const json_t *commit_signature,
- unsigned int kappa,
unsigned int num_oldcoins,
const json_t *transfer_pubs,
const json_t *secret_encs,
@@ -393,8 +388,8 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
unsigned int coin_count;
struct GNUNET_HashCode session_hash;
struct GNUNET_HashContext *hash_context;
- struct RefreshCommitCoin *commit_coin[kappa];
- struct RefreshCommitLink *commit_link[kappa];
+ struct RefreshCommitCoin *commit_coin[KAPPA];
+ struct RefreshCommitLink *commit_link[KAPPA];
/* For the signature check, we hash most of the inputs together
(except for the signatures on the coins). */
@@ -494,7 +489,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
together for the signature check */
memset (commit_coin, 0, sizeof (commit_coin));
memset (commit_link, 0, sizeof (commit_link));
- for (i = 0; i < kappa; i++)
+ for (i = 0; i < KAPPA; i++)
{
commit_coin[i] = GNUNET_malloc (num_newcoins *
sizeof (struct RefreshCommitCoin));
@@ -515,7 +510,9 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
if (GNUNET_OK != res)
{
GNUNET_CRYPTO_hash_context_abort (hash_context);
- free_commit_coins (commit_coin, kappa, num_newcoins);
+ free_commit_coins (commit_coin,
+ KAPPA,
+ num_newcoins);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
GNUNET_CRYPTO_hash_context_read (hash_context,
@@ -531,7 +528,9 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
if (GNUNET_OK != res)
{
GNUNET_CRYPTO_hash_context_abort (hash_context);
- free_commit_coins (commit_coin, kappa, num_newcoins);
+ free_commit_coins (commit_coin,
+ KAPPA,
+ num_newcoins);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
rcc->refresh_link
@@ -543,7 +542,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
}
}
- for (i = 0; i < kappa; i++)
+ for (i = 0; i < KAPPA; i++)
{
commit_link[i] = GNUNET_malloc (num_oldcoins *
sizeof (struct RefreshCommitLink));
@@ -563,8 +562,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
{
GNUNET_break (GNUNET_SYSERR != res);
GNUNET_CRYPTO_hash_context_abort (hash_context);
- free_commit_coins (commit_coin, kappa, num_newcoins);
- free_commit_links (commit_link, kappa, num_oldcoins);
+ free_commit_coins (commit_coin,
+ KAPPA,
+ num_newcoins);
+ free_commit_links (commit_link,
+ KAPPA,
+ num_oldcoins);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
res = GNUNET_MINT_parse_navigate_json (connection,
@@ -579,8 +582,12 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
{
GNUNET_break (GNUNET_SYSERR != res);
GNUNET_CRYPTO_hash_context_abort (hash_context);
- free_commit_coins (commit_coin, kappa, num_newcoins);
- free_commit_links (commit_link, kappa, num_oldcoins);
+ free_commit_coins (commit_coin,
+ KAPPA,
+ num_newcoins);
+ free_commit_links (commit_link,
+ KAPPA,
+ num_oldcoins);
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
}
@@ -615,12 +622,15 @@ handle_refresh_melt_json (struct MHD_Connection *connection,
coin_public_infos,
coin_melt_details,
&session_hash,
- kappa,
commit_coin,
commit_link);
cleanup:
- free_commit_coins (commit_coin, kappa, num_newcoins);
- free_commit_links (commit_link, kappa, num_oldcoins);
+ free_commit_coins (commit_coin,
+ KAPPA,
+ num_newcoins);
+ free_commit_links (commit_link,
+ KAPPA,
+ num_oldcoins);
for (j=0;j<coin_count;j++)
{
GNUNET_CRYPTO_rsa_public_key_free (coin_public_infos[j].denom_pub.rsa_public_key);
@@ -664,7 +674,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
json_t *transfer_pubs;
json_t *secret_encs;
json_t *commit_sig_json;
- unsigned int kappa;
unsigned int num_oldcoins;
unsigned int num_newcoins;
json_t *coin_detail;
@@ -699,15 +708,14 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
/* Determine dimensionality of the request (kappa, #old and #new coins) */
- kappa = json_array_size (coin_evs);
- if ( (3 > kappa) || (kappa > 32) )
+ if (KAPPA != json_array_size (coin_evs))
{
GNUNET_break_op (0);
TALER_MINT_release_parsed_data (spec);
return TALER_MINT_reply_arg_invalid (connection,
"coin_evs");
}
- if (json_array_size (transfer_pubs) != kappa)
+ if (KAPPA != json_array_size (transfer_pubs))
{
GNUNET_break_op (0);
TALER_MINT_release_parsed_data (spec);
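Review bot: Only `coin_evs` and `transfer_pubs` have their outer dimension pinned to `KAPPA` in the visible lines, while handle_refresh_melt_json also walks `secret_encs` and the link array up to `KAPPA`. Whether those two are checked further down is outside the hunk. If they are not, a malformed request is rejected only when JSON navigation fails part-way through, after allocation and hashing have begun. The same guard, `if (KAPPA != json_array_size (secret_encs))` and likewise for the link array, would reject it up front. The comment `(kappa, #old and #new coins)` could also say that kappa is no longer taken from the request.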
@@ -741,7 +749,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
melt_coins,
melt_sig_json,
commit_sig_json,
- kappa,
num_oldcoins,
transfer_pubs,
secret_encs,
@@ -763,7 +770,6 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
*
* @param connection the MHD connection to handle
* @param session_hash hash identifying the melting session
- * @param kappa length of the 1st dimension of @a transfer_privs array PLUS ONE
* @param num_oldcoins length of the 2nd dimension of @a transfer_privs array
* @param tp_json private transfer keys in JSON format
* @return MHD result code
@@ -771,20 +777,19 @@ TALER_MINT_handler_refresh_melt (struct RequestHandler *rh,
static int
handle_refresh_reveal_json (struct MHD_Connection *connection,
const struct GNUNET_HashCode *session_hash,
- unsigned int kappa,
unsigned int num_oldcoins,
const json_t *tp_json)
{
- struct TALER_TransferPrivateKey *transfer_privs[kappa - 1];
+ struct TALER_TransferPrivateKey *transfer_privs[KAPPA - 1];
unsigned int i;
unsigned int j;
int res;
- for (i = 0; i < kappa - 1; i++)
+ for (i = 0; i < KAPPA - 1; i++)
transfer_privs[i] = GNUNET_malloc (num_oldcoins *
sizeof (struct TALER_TransferPrivateKey));
res = GNUNET_OK;
- for (i = 0; i < kappa - 1; i++)
+ for (i = 0; i < KAPPA - 1; i++)
{
if (GNUNET_OK != res)
break;
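Review bot: `num_oldcoins` reaches `GNUNET_malloc (num_oldcoins * sizeof (struct TALER_TransferPrivateKey))` straight from `json_array_size (reveal_detail)` in TALER_MINT_handler_refresh_reveal, and no bound on it is visible in this diff. GNUNET_malloc aborts the process rather than returning NULL, so a client-chosen size should be limited before the allocation, or better, compared with the `num_oldcoins` stored for the session. A guard in the caller such as `if ( (0 == num_oldcoins) || (num_oldcoins > MAX_OLDCOINS) ) return TALER_MINT_reply_arg_invalid (connection, "transfer_privs");` would do, where `MAX_OLDCOINS` is a placeholder for a limit the project would have to define. The function body continues outside the hunk.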
@@ -806,10 +811,9 @@ handle_refresh_reveal_json (struct MHD_Connection *connection,
else
res = TALER_MINT_db_execute_refresh_reveal (connection,
session_hash,
- kappa,
num_oldcoins,
transfer_privs);
- for (i = 0; i < kappa - 1; i++)
+ for (i = 0; i < KAPPA - 1; i++)
GNUNET_free (transfer_privs[i]);
return res;
}
@@ -840,7 +844,6 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,
{
struct GNUNET_HashCode session_hash;
int res;
- unsigned int kappa;
unsigned int num_oldcoins;
json_t *reveal_detail;
json_t *root;
@@ -869,15 +872,13 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,
return (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES;
/* Determine dimensionality of the request (kappa and #old coins) */
- kappa = json_array_size (transfer_privs) + 1;
- if ( (2 > kappa) || (kappa > 31) )
+ if (KAPPA != json_array_size (transfer_privs) + 1)
{
TALER_MINT_release_parsed_data (spec);
return TALER_MINT_reply_arg_invalid (connection,
"transfer_privs");
}
/* Note we do +1 as 1 row (cut-and-choose!) is missing! */
- kappa++;
res = GNUNET_MINT_parse_navigate_json (connection,
transfer_privs,
JNAV_INDEX, 0,
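Review bot: The comment `/* Note we do +1 as 1 row (cut-and-choose!) is missing! */` is now stranded after the check; it used to explain the removed `kappa++`. It belongs directly above the `if`, for example as `/* transfer_privs holds KAPPA - 1 rows: the set at noreveal_index is never revealed */`. The earlier comment `(kappa and #old coins)` also still suggests that kappa is read from the request. The call that follows is cut off at the end of the hunk.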
@@ -892,7 +893,6 @@ TALER_MINT_handler_refresh_reveal (struct RequestHandler *rh,
num_oldcoins = json_array_size (reveal_detail);
res = handle_refresh_reveal_json (connection,
&session_hash,
- kappa,
num_oldcoins,
transfer_privs);
TALER_MINT_release_parsed_data (spec);
diff --git a/src/mint/taler_mintdb_plugin.h b/src/mint/taler_mintdb_plugin.h
index d461413f1..08a73479d 100644
--- a/src/mint/taler_mintdb_plugin.h
+++ b/src/mint/taler_mintdb_plugin.h
@@ -247,14 +247,7 @@ struct RefreshSession
uint16_t num_newcoins;
/**
- * Number of parallel operations we perform for the cut and choose.
- * (must be greater or equal to three for security). 0 if not yet
- * known.
- */
- uint16_t kappa;
-
- /**
- * Index (smaller @e kappa) which the mint has chosen to not
+ * Index (smaller #KAPPA) which the mint has chosen to not
* have revealed during cut and choose.
*/
uint16_t noreveal_index;
@@ -297,7 +290,7 @@ struct RefreshMelt
/**
* We have as many `struct RefreshCommitCoin` as there are new
- * coins being created by the refresh (for each of the kappa
+ * coins being created by the refresh (for each of the #KAPPA
* sets). These are the coins we ask the mint to sign if the
* respective set is selected.
*/
@@ -816,7 +809,7 @@ struct TALER_MINTDB_Plugin
* @param cls the @e cls of this struct with the plugin-specific state
* @param sesssion database connection to use
* @param session_hash hash to identify refresh session
- * @param i set index (1st dimension), relating to kappa
+ * @param i set index (1st dimension), relating to #KAPPA
* @param num_newcoins coin index size of the @a commit_coins array
* @param commit_coin array of coin commitments to store
* @return #GNUNET_OK on success
@@ -861,7 +854,7 @@ struct TALER_MINTDB_Plugin
* @param cls the @e cls of this struct with the plugin-specific state
* @param sesssion database connection to use
* @param session_hash hash to identify refresh session
- * @param i set index (1st dimension), relating to kappa
+ * @param i set index (1st dimension), relating to #KAPPA
* @param num_links size of the @a commit_link array
* @param commit_links array of link information to store
* @return #GNUNET_SYSERR on internal error, #GNUNET_OK on success