From 0995bdd1d05356ed5f97954449f5a5c74a41bdc5 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 11 Feb 2022 09:36:01 +0100 Subject: -get tests to pass --- src/benchmark/taler-aggregator-benchmark.c | 2 +- .../taler-exchange-httpd_refreshes_reveal.c | 2 +- src/include/taler_crypto_lib.h | 57 +++++++++++++++------- src/include/taler_exchange_service.h | 20 ++++---- src/include/taler_testing_lib.h | 6 +-- src/lib/exchange_api_link.c | 11 +++-- src/lib/exchange_api_melt.c | 10 ++-- src/lib/exchange_api_recoup.c | 2 +- src/lib/exchange_api_recoup_refresh.c | 6 +-- src/lib/exchange_api_refresh_common.c | 14 ++---- src/lib/exchange_api_refresh_common.h | 6 +-- src/lib/exchange_api_refreshes_reveal.c | 10 ++-- src/lib/exchange_api_withdraw.c | 4 +- src/testing/test_exchange_api.c | 18 +++++-- src/testing/testing_api_cmd_insert_deposit.c | 2 +- src/testing/testing_api_cmd_recoup.c | 2 +- src/testing/testing_api_cmd_refresh.c | 18 +++---- src/testing/testing_api_cmd_withdraw.c | 6 +-- src/util/crypto.c | 51 +++++++++++++------ src/util/test_crypto.c | 8 +-- src/util/test_helper_cs.c | 30 +++++------- src/util/test_helper_rsa.c | 9 ++-- 22 files changed, 168 insertions(+), 126 deletions(-) diff --git a/src/benchmark/taler-aggregator-benchmark.c b/src/benchmark/taler-aggregator-benchmark.c index 7079d2140..005acfef1 100644 --- a/src/benchmark/taler-aggregator-benchmark.c +++ b/src/benchmark/taler-aggregator-benchmark.c @@ -490,7 +490,7 @@ run (void *cls, struct TALER_CoinPubHash c_hash; struct TALER_PlanchetDetail pd; struct TALER_BlindedDenominationSignature bds; - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; struct TALER_ExchangeWithdrawValues alg_values; struct TALER_CoinSpendPublicKeyP coin_pub; union TALER_DenominationBlindingKeyP bks; diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c index e0d97bb3d..d6e9f95e8 100644 
--- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c +++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c @@ -264,7 +264,7 @@ check_commitment (struct RevealContext *rctx, = &rctx->rrcs[j].exchange_vals; struct TALER_PlanchetDetail pd; struct TALER_CoinPubHash c_hash; - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; rcd->dk = &rctx->dks[j]->denom_pub; TALER_transfer_secret_to_planchet_secret (&ts, diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 8e8203790..b6dccda46 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -462,14 +462,27 @@ struct TALER_RsaPubHashP }; +/** + * Master key material for the deriviation of + * private coins and blinding factors during + * withdraw or refresh. + */ +struct TALER_PlanchetMasterSecretP +{ + + /** + * Key material. + */ + uint32_t key_data[8]; + +}; + + /** * Master key material for the deriviation of * private coins and blinding factors. */ -// FIXME: split this struct, we should have -// a different one for the Melt/Refresh secrets -// and the withdraw secrets! -struct TALER_PlanchetSecretsP +struct TALER_RefreshMasterSecretP { /** @@ -1026,7 +1039,7 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); */ void TALER_planchet_setup_coin_priv ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, const struct TALER_ExchangeWithdrawValues *alg_values, struct TALER_CoinSpendPrivateKeyP *coin_priv); @@ -1039,7 +1052,7 @@ TALER_planchet_setup_coin_priv ( */ void TALER_cs_withdraw_nonce_derive ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, struct TALER_CsNonce *nonce); 
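Review bot: The comment kept on `struct TALER_RefreshMasterSecretP` (hunk `@@ -462` of src/include/taler_crypto_lib.h) still says only "private coins and blinding factors", so the header does not tell a reader when to use this type rather than `TALER_PlanchetMasterSecretP`. Judging from the prototypes changed later in this header, the refresh secret feeds the transfer private keys and the CS refresh nonces, so something like `Master key material for the derivation of transfer private keys and nonces during a melt/refresh operation.` would fit, if that matches the intent. Both comments also spell the word `deriviation`; it should be `derivation`. The second struct's body continues past the end of the hunk.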
@@ -1047,13 +1060,13 @@ TALER_cs_withdraw_nonce_derive ( * @brief Method to derive /csr nonce * to be used during refresh/melt operation. * - * @param coin_priv private key of the coin + * @param rms secret input for the refresh operation * @param idx index of the fresh coin * @param[out] nonce set to nonce included in the request to generate R_0 and R_1 */ void TALER_cs_refresh_nonce_derive ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, uint32_t idx, struct TALER_CsNonce *nonce); 
@@ -1511,34 +1524,44 @@ void TALER_transfer_secret_to_planchet_secret ( const struct TALER_TransferSecretP *secret_seed, uint32_t coin_num_salt, - struct TALER_PlanchetSecretsP *ps); + struct TALER_PlanchetMasterSecretP *ps); /** * Derive the @a coin_num transfer private key @a tpriv from a refresh from - * the @a ps seed of the refresh operation. The transfer private key + * the @a rms seed of the refresh operation. The transfer private key * derivation is based on the @a ps with a KDF salted by the @a coin_num. * - * @param ps seed to use for KDF to derive transfer keys + * @param rms seed to use for KDF to derive transfer keys * @param cnc_num cut and choose number to include in KDF * @param[out] tpriv value to initialize */ void TALER_planchet_secret_to_transfer_priv ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, uint32_t cnc_num, struct TALER_TransferPrivateKeyP *tpriv); /** - * Setup information for fresh coins to be withdrawn - * or refreshed. + * Setup secret seed information for fresh coins to be + * withdrawn. * * @param[out] ps value to initialize */ void -TALER_planchet_setup_random ( - struct TALER_PlanchetSecretsP *ps); +TALER_planchet_master_setup_random ( + struct TALER_PlanchetMasterSecretP *ps); + + +/** + * Setup secret seed for fresh coins to be refreshed. + * + * @param[out] rms value to initialize + */ +void +TALER_refresh_master_setup_random ( + struct TALER_RefreshMasterSecretP *rms); /** @@ -1551,7 +1574,7 @@ TALER_planchet_setup_random ( */ void TALER_planchet_blinding_secret_create ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, const struct TALER_ExchangeWithdrawValues *alg_values, union TALER_DenominationBlindingKeyP *bks); diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h index 58364b159..fe5c74618 100644 --- a/src/include/taler_exchange_service.h +++ b/src/include/taler_exchange_service.h 
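Review bot: The doc block above `TALER_planchet_secret_to_transfer_priv` was only half updated. Its second sentence still reads `derivation is based on the @a ps with a KDF salted by the @a coin_num`, but the parameters are now `rms` and `cnc_num`. I would change it to `derivation is based on the @a rms with a KDF salted by the @a cnc_num`. The function name also still says planchet_secret while the argument is the refresh master secret, which blurs the type separation at the call sites; a rename could follow separately.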
@@ -1500,7 +1500,7 @@ TALER_EXCHANGE_withdraw ( struct TALER_EXCHANGE_Handle *exchange, const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_ReservePrivateKeyP *reserve_priv, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, TALER_EXCHANGE_WithdrawCallback res_cb, void *res_cb_cls); @@ -1667,7 +1667,7 @@ typedef void * prior to calling this function. * * @param exchange the exchange handle; the exchange must be ready to operate - * @param ps the fresh secret that defines the refresh operation + * @param rms the fresh secret that defines the refresh operation * @param rd the refresh data specifying the characteristics of the operation * @param melt_cb the callback to call with the result * @param melt_cb_cls closure for @a melt_cb @@ -1676,7 +1676,7 @@ typedef void */ struct TALER_EXCHANGE_MeltHandle * TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, const struct TALER_EXCHANGE_RefreshData *rd, TALER_EXCHANGE_MeltCallback melt_cb, void *melt_cb_cls); @@ -1716,7 +1716,7 @@ typedef void const struct TALER_EXCHANGE_HttpResponse *hr, unsigned int num_coins, const struct TALER_CoinSpendPrivateKeyP *coin_privs, - const struct TALER_PlanchetSecretsP *psa, + const struct TALER_PlanchetMasterSecretP *psa, const struct TALER_DenominationSignature *sigs); 
@@ -1736,7 +1736,7 @@ struct TALER_EXCHANGE_RefreshesRevealHandle; * prior to calling this function. * * @param exchange the exchange handle; the exchange must be ready to operate - * @param ps the fresh secret that defines the refresh operation + * @param rms the fresh secret that defines the refresh operation * @param rd the refresh data that characterizes the refresh operation * @param num_coins number of fresh coins to be created, length of the @a exchange_vals array, must match value in @a rd * @param alg_values array @a num_coins of exchange values contributed to the refresh operation @@ -1751,7 +1751,7 @@ struct TALER_EXCHANGE_RefreshesRevealHandle; struct TALER_EXCHANGE_RefreshesRevealHandle * TALER_EXCHANGE_refreshes_reveal ( struct TALER_EXCHANGE_Handle *exchange, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, const struct TALER_EXCHANGE_RefreshData *rd, unsigned int num_coins, const struct TALER_ExchangeWithdrawValues *alg_values, @@ -2186,7 +2186,7 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_DenominationSignature *denom_sig, const struct TALER_ExchangeWithdrawValues *exchange_vals, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, TALER_EXCHANGE_RecoupResultCallback recoup_cb, void *recoup_cb_cls); @@ -2236,7 +2236,7 @@ typedef void * @param pk kind of coin to pay back * @param denom_sig signature over the coin by the exchange using @a pk * @param exchange_vals contribution from the exchange on the withdraw - * @param rps melt secret of the refreshing operation + * @param rms melt secret of the refreshing operation * @param ps coin-specific secrets derived for this coin during the refreshing operation * @param idx index of the fresh coin in the refresh operation that is now being recouped * @param recoup_cb the callback to call when the final result for this request is available 
@@ -2251,8 +2251,8 @@ TALER_EXCHANGE_recoup_refresh ( const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_DenominationSignature *denom_sig, const struct TALER_ExchangeWithdrawValues *exchange_vals, - const struct TALER_PlanchetSecretsP *rps, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, + const struct TALER_PlanchetMasterSecretP *ps, unsigned int idx, TALER_EXCHANGE_RecoupRefreshResultCallback recoup_cb, void *recoup_cb_cls); diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h index 7284a1247..a0385a85e 100644 --- a/src/include/taler_testing_lib.h +++ b/src/include/taler_testing_lib.h @@ -2443,8 +2443,8 @@ TALER_TESTING_get_trait (const struct TALER_TESTING_Trait *traits, #define TALER_TESTING_SIMPLE_TRAITS(op) \ op (bank_row, const uint64_t) \ op (reserve_priv, const struct TALER_ReservePrivateKeyP) \ - op (planchet_secret, const struct TALER_PlanchetSecretsP) \ - op (refresh_secret, const struct TALER_PlanchetSecretsP) \ + op (planchet_secret, const struct TALER_PlanchetMasterSecretP) \ + op (refresh_secret, const struct TALER_RefreshMasterSecretP) \ op (reserve_pub, const struct TALER_ReservePublicKeyP) \ op (merchant_priv, const struct TALER_MerchantPrivateKeyP) \ op (merchant_pub, const struct TALER_MerchantPublicKeyP) \ @@ -2484,7 +2484,7 @@ TALER_TESTING_get_trait (const struct TALER_TESTING_Trait *traits, #define TALER_TESTING_INDEXED_TRAITS(op) \ op (denom_pub, const struct TALER_EXCHANGE_DenomPublicKey) \ op (denom_sig, const struct TALER_DenominationSignature) \ - op (planchet_secrets, const struct TALER_PlanchetSecretsP) \ + op (planchet_secrets, const struct TALER_PlanchetMasterSecretP) \ op (exchange_wd_value, const struct TALER_ExchangeWithdrawValues) \ op (coin_priv, const struct TALER_CoinSpendPrivateKeyP) \ op (coin_pub, const struct TALER_CoinSpendPublicKeyP) \ 
diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c index 0b2a1336b..2e3b01a63 100644 --- a/src/lib/exchange_api_link.c +++ b/src/lib/exchange_api_link.c @@ -113,7 +113,7 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, GNUNET_JSON_spec_end () }; struct TALER_TransferSecretP secret; - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; struct TALER_PlanchetDetail pd; struct TALER_CoinPubHash c_hash; @@ -175,14 +175,15 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, // really need to change the derivation structure // during refresh to derive the nonces differently // and make /link possible! - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Link using PS(%u)=%s\n", - (unsigned int) coin_idx, - TALER_B2S (&ps)); + /* FIXME: we cannot get the 'rms' here, and + if the TALER_coin_ev_hash() includes that 'nonce', + we are screwed on/link. */ +#if FIXME_OMIT TALER_cs_refresh_nonce_derive ( &ps, coin_idx, &pd.blinded_planchet.details.cs_blinded_planchet.nonce); +#endif TALER_coin_ev_hash (&pd.blinded_planchet, &pd.denom_pub_hash, &coin_envelope_hash); diff --git a/src/lib/exchange_api_melt.c b/src/lib/exchange_api_melt.c index 4d585c85f..eec2d0a53 100644 --- a/src/lib/exchange_api_melt.c +++ b/src/lib/exchange_api_melt.c @@ -78,7 +78,7 @@ struct TALER_EXCHANGE_MeltHandle /** * The secret the entire melt operation is seeded from. */ - const struct TALER_PlanchetSecretsP *ps; + const struct TALER_RefreshMasterSecretP *rms; /** * Details about the characteristics of the requested melt operation. @@ -490,7 +490,7 @@ start_melt (struct TALER_EXCHANGE_MeltHandle *mh) struct TALER_DenominationHash h_denom_pub; if (GNUNET_OK != - TALER_EXCHANGE_get_melt_data_ (mh->ps, + TALER_EXCHANGE_get_melt_data_ (mh->rms, mh->rd, mh->alg_values, &mh->md)) 
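Review bot: `#if FIXME_OMIT` in parse_link_coin (hunk `@@ -175`) relies on an undefined macro evaluating to 0, and the same guard is repeated around the nonce hashing in TALER_coin_ev_hash in src/util/crypto.c. If only one of the two sites is re-enabled, /link would hash a nonce this function never derived. With the derive call compiled out, `pd.blinded_planchet.details.cs_blinded_planchet.nonce` is not set here, and whether later code reads it cannot be seen from the hunk. I would define the switch once in a shared header, with a comment naming both sites and stating that the CS nonce is currently not covered by the coin envelope hash. Both functions extend beyond their hunks.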
@@ -637,7 +637,7 @@ csr_cb (void *cls, struct TALER_EXCHANGE_MeltHandle * TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, const struct TALER_EXCHANGE_RefreshData *rd, TALER_EXCHANGE_MeltCallback melt_cb, void *melt_cb_cls) @@ -657,7 +657,7 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, mh->noreveal_index = TALER_CNC_KAPPA; /* invalid value */ mh->exchange = exchange; mh->rd = rd; - mh->ps = ps; + mh->rms = rms; /* FIXME: deep copy might be safer... */ mh->melt_cb = melt_cb; mh->melt_cb_cls = melt_cb_cls; mh->alg_values = GNUNET_new_array (rd->fresh_pks_len, @@ -683,7 +683,7 @@ TALER_EXCHANGE_melt (struct TALER_EXCHANGE_Handle *exchange, case TALER_DENOMINATION_CS: wv->cipher = TALER_DENOMINATION_CS; nks[nks_off].pk = fresh_pk; - TALER_cs_refresh_nonce_derive (ps, + TALER_cs_refresh_nonce_derive (rms, i, &nks[nks_off].nonce); nks_off++; diff --git a/src/lib/exchange_api_recoup.c b/src/lib/exchange_api_recoup.c index b6a99ba52..5ae0c55bb 100644 --- a/src/lib/exchange_api_recoup.c +++ b/src/lib/exchange_api_recoup.c @@ -285,7 +285,7 @@ TALER_EXCHANGE_recoup (struct TALER_EXCHANGE_Handle *exchange, const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_DenominationSignature *denom_sig, const struct TALER_ExchangeWithdrawValues *exchange_vals, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, TALER_EXCHANGE_RecoupResultCallback recoup_cb, void *recoup_cb_cls) { diff --git a/src/lib/exchange_api_recoup_refresh.c b/src/lib/exchange_api_recoup_refresh.c index dbdf9eb65..44b117b0a 100644 --- a/src/lib/exchange_api_recoup_refresh.c +++ b/src/lib/exchange_api_recoup_refresh.c 
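Review bot: `mh->rms = rms;` in TALER_EXCHANGE_melt (hunk `@@ -657`) stores the caller's pointer to the refresh master secret in the handle. start_melt (hunk `@@ -490`) dereferences `mh->rms` later, apparently from a callback, so a caller that passes a stack or short-lived buffer leaves the handle with a dangling pointer to key material. The FIXME on that line already says a copy would be safer, and `struct TALER_EXCHANGE_WithdrawHandle` in exchange_api_withdraw.c keeps its seed by value. I would declare the field as `struct TALER_RefreshMasterSecretP rms;`, assign `mh->rms = *rms;`, and pass `&mh->rms` to TALER_EXCHANGE_get_melt_data_. TALER_EXCHANGE_melt continues outside the hunk.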
@@ -287,8 +287,8 @@ TALER_EXCHANGE_recoup_refresh ( const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_DenominationSignature *denom_sig, const struct TALER_ExchangeWithdrawValues *exchange_vals, - const struct TALER_PlanchetSecretsP *rps, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, + const struct TALER_PlanchetMasterSecretP *ps, unsigned int idx, TALER_EXCHANGE_RecoupRefreshResultCallback recoup_cb, void *recoup_cb_cls) @@ -343,7 +343,7 @@ TALER_EXCHANGE_recoup_refresh ( it is not strictly clear that the nonce is needed. Best case would be to find a way to include it more 'naturally' somehow, for example with the variant union version of bks! */ - TALER_cs_refresh_nonce_derive (rps, + TALER_cs_refresh_nonce_derive (rms, idx, &nonce); GNUNET_assert ( diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c index c15527369..4c65e390f 100644 --- a/src/lib/exchange_api_refresh_common.c +++ b/src/lib/exchange_api_refresh_common.c @@ -44,7 +44,7 @@ TALER_EXCHANGE_free_melt_data_ (struct MeltData *md) enum GNUNET_GenericReturnValue TALER_EXCHANGE_get_melt_data_ ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, const struct TALER_EXCHANGE_RefreshData *rd, const struct TALER_ExchangeWithdrawValues *alg_values, struct MeltData *md) @@ -115,7 +115,7 @@ TALER_EXCHANGE_get_melt_data_ ( for (unsigned int i = 0; imelted_coin.transfer_priv[i]); GNUNET_CRYPTO_ecdhe_key_get_public ( 
@@ -125,12 +125,12 @@ TALER_EXCHANGE_get_melt_data_ ( &md->melted_coin.transfer_priv[i], &trans_sec[i]); md->fresh_coins[i] = GNUNET_new_array (rd->fresh_pks_len, - struct TALER_PlanchetSecretsP); + struct TALER_PlanchetMasterSecretP); rce[i].new_coins = GNUNET_new_array (rd->fresh_pks_len, struct TALER_RefreshCoinData); for (unsigned int j = 0; jfresh_pks_len; j++) { - struct TALER_PlanchetSecretsP *fc = &md->fresh_coins[i][j]; + struct TALER_PlanchetMasterSecretP *fc = &md->fresh_coins[i][j]; struct TALER_RefreshCoinData *rcd = &rce[i].new_coins[j]; struct TALER_PlanchetDetail pd; struct TALER_CoinPubHash c_hash; @@ -150,12 +150,8 @@ TALER_EXCHANGE_get_melt_data_ ( so this computation is redundant, and here additionally repeated KAPPA times. Could be avoided with slightly more bookkeeping in the future */ - GNUNET_log (GNUNET_ERROR_TYPE_ERROR, - "Refresh using PS(%u)=%s\n", - j, - TALER_B2S (&ps)); TALER_cs_refresh_nonce_derive ( - ps, + rms, j, &pd.blinded_planchet.details.cs_blinded_planchet.nonce); if (GNUNET_OK != diff --git a/src/lib/exchange_api_refresh_common.h b/src/lib/exchange_api_refresh_common.h index 94c4f3234..70085a5b6 100644 --- a/src/lib/exchange_api_refresh_common.h +++ b/src/lib/exchange_api_refresh_common.h 
@@ -112,21 +112,21 @@ struct MeltData * Arrays of @e num_fresh_coins with information about the fresh * coins to be created, for each cut-and-choose dimension. */ - struct TALER_PlanchetSecretsP *fresh_coins[TALER_CNC_KAPPA]; + struct TALER_PlanchetMasterSecretP *fresh_coins[TALER_CNC_KAPPA]; }; /** * Compute the melt data from the refresh data and secret. * - * @param ps secret internals of the refresh-reveal operation + * @param rms secret internals of the refresh-reveal operation * @param rd refresh data with the characteristics of the operation * @param alg_values contributions from the exchange into the melt * @param[out] rd where to write the derived melt data */ enum GNUNET_GenericReturnValue TALER_EXCHANGE_get_melt_data_ ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, const struct TALER_EXCHANGE_RefreshData *rd, const struct TALER_ExchangeWithdrawValues *alg_values, struct MeltData *md); diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c index b675d3db5..ca49f7782 100644 --- a/src/lib/exchange_api_refreshes_reveal.c +++ b/src/lib/exchange_api_refreshes_reveal.c @@ -141,7 +141,7 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshesRevealHandle *rrh, } for (unsigned int i = 0; imd.num_fresh_coins; i++) { - const struct TALER_PlanchetSecretsP *fc; + const struct TALER_PlanchetMasterSecretP *fc; struct TALER_DenominationPublicKey *pk; json_t *jsonai; struct TALER_BlindedDenominationSignature blind_sig; @@ -316,7 +316,7 @@ handle_refresh_reveal_finished (void *cls, struct TALER_EXCHANGE_RefreshesRevealHandle * TALER_EXCHANGE_refreshes_reveal ( struct TALER_EXCHANGE_Handle *exchange, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, const struct TALER_EXCHANGE_RefreshData *rd, unsigned int num_coins, const struct TALER_ExchangeWithdrawValues *alg_values, 
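Review bot: The doc block for `TALER_EXCHANGE_get_melt_data_` names the output as `@param[out] rd`, but the output parameter in the prototype is `md`; `rd` is the input refresh data documented two lines above it. Since the block is already being edited for the `rms` rename, I would change that line to `@param[out] md where to write the derived melt data`.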
@@ -354,7 +354,7 @@ TALER_EXCHANGE_refreshes_reveal ( return NULL; } if (GNUNET_OK != - TALER_EXCHANGE_get_melt_data_ (ps, + TALER_EXCHANGE_get_melt_data_ (rms, rd, alg_values, &md)) @@ -380,7 +380,7 @@ TALER_EXCHANGE_refreshes_reveal ( struct TALER_DenominationHash denom_hash; struct TALER_PlanchetDetail pd; struct TALER_CoinPubHash c_hash; - struct TALER_PlanchetSecretsP coin_ps; + struct TALER_PlanchetMasterSecretP coin_ps; union TALER_DenominationBlindingKeyP bks; struct TALER_CoinSpendPrivateKeyP coin_priv; @@ -400,7 +400,7 @@ TALER_EXCHANGE_refreshes_reveal ( &alg_values[i], &bks); TALER_cs_refresh_nonce_derive ( - ps, + rms, i, &pd.blinded_planchet.details.cs_blinded_planchet.nonce); if (GNUNET_OK != diff --git a/src/lib/exchange_api_withdraw.c b/src/lib/exchange_api_withdraw.c index d89beff0f..743fea4bb 100644 --- a/src/lib/exchange_api_withdraw.c +++ b/src/lib/exchange_api_withdraw.c @@ -66,7 +66,7 @@ struct TALER_EXCHANGE_WithdrawHandle /** * Seed of the planchet. */ - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; /** * blinding secret @@ -247,7 +247,7 @@ TALER_EXCHANGE_withdraw ( struct TALER_EXCHANGE_Handle *exchange, const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_ReservePrivateKeyP *reserve_priv, - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, TALER_EXCHANGE_WithdrawCallback res_cb, void *res_cb_cls) { diff --git a/src/testing/test_exchange_api.c b/src/testing/test_exchange_api.c index d045c21ea..b1779a7d4 100644 --- a/src/testing/test_exchange_api.c +++ b/src/testing/test_exchange_api.c 
@@ -415,6 +415,16 @@ run (void *cls, "EUR:0.08", bc.exchange_payto, bc.user43_payto), + /* In case of CS, one transaction above succeeded that + failed for RSA, hence we need to check for an extra transfer here */ + uses_cs + ? TALER_TESTING_cmd_check_bank_transfer ("check_bank_transfer-98c", + ec.exchange_url, + "EUR:0.98", + bc.exchange_payto, + bc.user42_payto) + : TALER_TESTING_cmd_sleep ("dummy", + 0), TALER_TESTING_cmd_check_bank_empty ("check_bank_empty"), TALER_TESTING_cmd_track_transaction ("deposit-wtid-ok", "deposit-simple", @@ -865,11 +875,11 @@ run (void *cls, MHD_HTTP_OK, "recoup-withdraw-coin-2a", config_file), - /* Check recoup is failing for the coin with the reused coin key */ + /* Check recoup is failing for the coin with the reused coin key + (fails either because of denomination conflict (RSA) or + double-spending (CS))*/ TALER_TESTING_cmd_recoup ("recoup-2x", - uses_cs - ? MHD_HTTP_OK - : MHD_HTTP_CONFLICT, + MHD_HTTP_CONFLICT, "withdraw-coin-1x", "EUR:1"), TALER_TESTING_cmd_recoup ("recoup-2", diff --git a/src/testing/testing_api_cmd_insert_deposit.c b/src/testing/testing_api_cmd_insert_deposit.c index 6c9f36e00..be49df949 100644 --- a/src/testing/testing_api_cmd_insert_deposit.c +++ b/src/testing/testing_api_cmd_insert_deposit.c @@ -201,7 +201,7 @@ insert_deposit_run (void *cls, struct TALER_CoinPubHash c_hash; struct TALER_PlanchetDetail pd; struct TALER_BlindedDenominationSignature bds; - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; struct TALER_ExchangeWithdrawValues alg_values; union TALER_DenominationBlindingKeyP bks; diff --git a/src/testing/testing_api_cmd_recoup.c b/src/testing/testing_api_cmd_recoup.c index 74c294ef4..85256c207 100644 --- a/src/testing/testing_api_cmd_recoup.c +++ b/src/testing/testing_api_cmd_recoup.c 
@@ -239,7 +239,7 @@ recoup_run (void *cls, const struct TALER_CoinSpendPrivateKeyP *coin_priv; const struct TALER_EXCHANGE_DenomPublicKey *denom_pub; const struct TALER_DenominationSignature *coin_sig; - const struct TALER_PlanchetSecretsP *planchet; + const struct TALER_PlanchetMasterSecretP *planchet; char *cref; unsigned int idx; const struct TALER_ExchangeWithdrawValues *ewv; diff --git a/src/testing/testing_api_cmd_refresh.c b/src/testing/testing_api_cmd_refresh.c index fe443d214..769a8fef8 100644 --- a/src/testing/testing_api_cmd_refresh.c +++ b/src/testing/testing_api_cmd_refresh.c @@ -130,7 +130,7 @@ struct RefreshMeltState /** * Entropy seed for the refresh-melt operation. */ - struct TALER_PlanchetSecretsP ps; + struct TALER_RefreshMasterSecretP rms; /** * Private key of the dirty coin being melted. @@ -218,7 +218,7 @@ struct RefreshRevealState * Array of @e num_fresh_coins planchet secrets derived * from the transfer secret per fresh coin. */ - struct TALER_PlanchetSecretsP *psa; + struct TALER_PlanchetMasterSecretP *psa; /** * Interpreter state. @@ -361,7 +361,7 @@ reveal_cb (void *cls, const struct TALER_EXCHANGE_HttpResponse *hr, unsigned int num_coins, const struct TALER_CoinSpendPrivateKeyP *coin_privs, - const struct TALER_PlanchetSecretsP *psa, + const struct TALER_PlanchetMasterSecretP *psa, const struct TALER_DenominationSignature *sigs) { struct RefreshRevealState *rrs = cls; @@ -423,7 +423,7 @@ reveal_cb (void *cls, case MHD_HTTP_OK: rrs->psa = GNUNET_memdup (psa, num_coins - * sizeof (struct TALER_PlanchetSecretsP)); + * sizeof (struct TALER_PlanchetMasterSecretP)); rrs->fresh_coins = GNUNET_new_array (num_coins, struct TALER_TESTING_FreshCoinData); for (unsigned int i = 0; icls; rrs->rrh = TALER_EXCHANGE_refreshes_reveal (is->exchange, - &rms->ps, + &rms->rms, &rms->refresh_data, rms->num_fresh_coins, rms->alg_values, 
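Review bot: Naming the new field `rms` in `struct RefreshMeltState` (hunk `@@ -130` of testing_api_cmd_refresh.c) collides with the name this file already uses for the state pointer. Every use in this and the following hunks therefore reads `&rms->rms` or `rms->rms`, which makes it hard to tell the state object from the secret at the call sites. A distinct field name, for example `struct TALER_RefreshMasterSecretP master_secret;`, would keep the two apart.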
@@ -1008,7 +1008,7 @@ melt_cb (void *cls, TALER_LOG_DEBUG ("Doubling the melt (%s)\n", rms->is->commands[rms->is->ip].label); rms->rmh = TALER_EXCHANGE_melt (rms->is->exchange, - &rms->ps, + &rms->rms, &rms->refresh_data, &melt_cb, rms); @@ -1044,7 +1044,7 @@ melt_run (void *cls, melt_fresh_amounts = default_melt_fresh_amounts; rms->is = is; rms->noreveal_index = UINT16_MAX; - TALER_planchet_setup_random (&rms->ps); + TALER_refresh_master_setup_random (&rms->rms); for (num_fresh_coins = 0; NULL != melt_fresh_amounts[num_fresh_coins]; num_fresh_coins++) @@ -1145,7 +1145,7 @@ melt_run (void *cls, rms->refresh_data.fresh_pks = rms->fresh_pks; rms->refresh_data.fresh_pks_len = num_fresh_coins; rms->rmh = TALER_EXCHANGE_melt (is->exchange, - &rms->ps, + &rms->rms, &rms->refresh_data, &melt_cb, rms); @@ -1233,7 +1233,7 @@ melt_traits (void *cls, &rms->bks[index]), TALER_TESTING_make_trait_exchange_wd_value (index, &rms->alg_values[index]), - TALER_TESTING_make_trait_refresh_secret (&rms->ps), + TALER_TESTING_make_trait_refresh_secret (&rms->rms), TALER_TESTING_trait_end () }; diff --git a/src/testing/testing_api_cmd_withdraw.c b/src/testing/testing_api_cmd_withdraw.c index f1b38fd41..c7265c6cd 100644 --- a/src/testing/testing_api_cmd_withdraw.c +++ b/src/testing/testing_api_cmd_withdraw.c @@ -129,7 +129,7 @@ struct WithdrawState /** * Private key material of the coin, set by the interpreter. */ - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; /** * Reserve history entry that corresponds to this operation. @@ -407,11 +407,11 @@ withdraw_run (void *cls, &ws->reserve_pub); if (NULL == ws->reuse_coin_key_ref) { - TALER_planchet_setup_random (&ws->ps); + TALER_planchet_master_setup_random (&ws->ps); } else { - const struct TALER_PlanchetSecretsP *ps; + const struct TALER_PlanchetMasterSecretP *ps; const struct TALER_TESTING_Command *cref; char *cstr; unsigned int index; 
diff --git a/src/util/crypto.c b/src/util/crypto.c index 76657f41d..49d5bcab5 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c @@ -146,8 +146,8 @@ TALER_link_recover_transfer_secret ( void -TALER_planchet_setup_random ( - struct TALER_PlanchetSecretsP *ps) +TALER_planchet_master_setup_random ( + struct TALER_PlanchetMasterSecretP *ps) { GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, ps, @@ -155,11 +155,21 @@ TALER_planchet_setup_random ( } +void +TALER_refresh_master_setup_random ( + struct TALER_RefreshMasterSecretP *rms) +{ + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + rms, + sizeof (*rms)); +} + + void TALER_transfer_secret_to_planchet_secret ( const struct TALER_TransferSecretP *secret_seed, uint32_t coin_num_salt, - struct TALER_PlanchetSecretsP *ps) + struct TALER_PlanchetMasterSecretP *ps) { uint32_t be_salt = htonl (coin_num_salt); @@ -178,7 +188,7 @@ TALER_transfer_secret_to_planchet_secret ( void TALER_planchet_secret_to_transfer_priv ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, uint32_t cnc_num, struct TALER_TransferPrivateKeyP *tpriv) { @@ -189,8 +199,8 @@ TALER_planchet_secret_to_transfer_priv ( sizeof (*tpriv), &be_salt, sizeof (be_salt), - ps, - sizeof (*ps), + rms, + sizeof (*rms), "taler-transfer-priv-derivation", strlen ("taler-transfer-priv-derivation"), NULL, 0)); @@ -199,7 +209,7 @@ TALER_planchet_secret_to_transfer_priv ( void TALER_cs_withdraw_nonce_derive ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, struct TALER_CsNonce *nonce) { GNUNET_assert (GNUNET_YES == @@ -216,7 +226,7 @@ TALER_cs_withdraw_nonce_derive ( void TALER_cs_refresh_nonce_derive ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_RefreshMasterSecretP *rms, uint32_t coin_num_salt, struct TALER_CsNonce *nonce) { 
@@ -229,8 +239,8 @@ TALER_cs_refresh_nonce_derive ( sizeof (be_salt), "refresh-n", // FIXME: value used in spec? strlen ("refresh-n"), - ps, - sizeof(*ps), + rms, + sizeof(*rms), NULL, 0)); } @@ -238,7 +248,7 @@ TALER_cs_refresh_nonce_derive ( void TALER_planchet_blinding_secret_create ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, const struct TALER_ExchangeWithdrawValues *alg_values, union TALER_DenominationBlindingKeyP *bks) { @@ -280,7 +290,7 @@ TALER_planchet_blinding_secret_create ( // FIXME: move to denom.c? void TALER_planchet_setup_coin_priv ( - const struct TALER_PlanchetSecretsP *ps, + const struct TALER_PlanchetMasterSecretP *ps, const struct TALER_ExchangeWithdrawValues *alg_values, struct TALER_CoinSpendPrivateKeyP *coin_priv) { @@ -305,8 +315,8 @@ TALER_planchet_setup_coin_priv ( strlen ("coin"), ps, sizeof(*ps), - &alg_values->details, /* Could be null on RSA case*/ - sizeof(alg_values->details), + &alg_values->details.cs_values, + sizeof(alg_values->details.cs_values), NULL, 0)); break; @@ -512,11 +522,22 @@ TALER_coin_ev_hash (const struct TALER_BlindedPlanchet *blinded_planchet, nonce here; if we omit this, we could skip sending the nonce in the /recoup protocol. OTOH, there is certainly no further harm (beyond the extra - bytes send on /recoup) from including it. */ + bytes send on /recoup) from including it. + **** + UPDATE: hashing 'nonce' here kills link, as + link does not HAVE the 'rms' to derive the nonce + from! (see FIXME_OMIT in exchange_api_link.c) + *** + => either figure elegant way to resolve this, + or omit hashing nonce and ALSO skip sending + nonce in /recoup! + */ +#if FIXME_OMIT GNUNET_CRYPTO_hash_context_read ( hash_context, &blinded_planchet->details.cs_blinded_planchet.nonce, sizeof (blinded_planchet->details.cs_blinded_planchet.nonce)); +#endif GNUNET_CRYPTO_hash_context_read ( hash_context, &blinded_planchet->details.cs_blinded_planchet.c[0], 
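Review bot: In TALER_cs_refresh_nonce_derive (hunk `@@ -229`) the secret `rms` is passed after the label `"refresh-n"`, whereas TALER_planchet_secret_to_transfer_priv (hunk `@@ -189`) passes `rms` before its label `"taler-transfer-priv-derivation"`. If both calls use the usual salt / key material / context argument order (the call names are above the hunks, so this is an assumption), the nonce derivation takes the public label as key material and the secret as context. That is not how an HKDF-style construction is meant to be keyed. I would either swap the arguments to `rms, sizeof (*rms), "refresh-n", strlen ("refresh-n"),` or add a comment that this order is what the specification prescribes; the existing `FIXME: value used in spec?` suggests that has not been checked. Swapping changes the derived nonces, so it is a protocol-visible change.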
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c index 0681fc865..0c83555d7 100644 --- a/src/util/test_crypto.c +++ b/src/util/test_crypto.c @@ -42,8 +42,8 @@ test_high_level (void) union TALER_DenominationBlindingKeyP bks2; struct TALER_CoinSpendPrivateKeyP coin_priv1; struct TALER_CoinSpendPrivateKeyP coin_priv2; - struct TALER_PlanchetSecretsP ps1; - struct TALER_PlanchetSecretsP ps2; + struct TALER_PlanchetMasterSecretP ps1; + struct TALER_PlanchetMasterSecretP ps2; struct TALER_ExchangeWithdrawValues alg1; struct TALER_ExchangeWithdrawValues alg2; @@ -110,7 +110,7 @@ test_high_level (void) static int test_planchets_rsa (void) { - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; struct TALER_CoinSpendPrivateKeyP coin_priv; union TALER_DenominationBlindingKeyP bks; struct TALER_DenominationPrivateKey dk_priv; @@ -184,7 +184,7 @@ test_planchets_rsa (void) static int test_planchets_cs (void) { - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; struct TALER_CoinSpendPrivateKeyP coin_priv; union TALER_DenominationBlindingKeyP bks; struct TALER_DenominationPrivateKey dk_priv; diff --git a/src/util/test_helper_cs.c b/src/util/test_helper_cs.c index 4a3208e8a..3298834a6 100644 --- a/src/util/test_helper_cs.c +++ b/src/util/test_helper_cs.c 
@@ -266,20 +266,20 @@ test_r_derive (struct TALER_CRYPTO_CsDenominationHelper *dh) { enum TALER_ErrorCode ec; bool success = false; - struct TALER_PlanchetSecretsP ps; + struct TALER_PlanchetMasterSecretP ps; struct TALER_CoinSpendPrivateKeyP coin_priv; union TALER_DenominationBlindingKeyP bks; struct TALER_CoinPubHash c_hash; struct TALER_ExchangeWithdrawValues alg_values; - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, - &ps, - sizeof (ps)); - + TALER_planchet_master_setup_random (&ps); alg_values.cipher = TALER_DENOMINATION_CS; - TALER_planchet_setup_coin_priv (&ps, &alg_values, &coin_priv); - TALER_planchet_blinding_secret_create (&ps, &alg_values, &bks); - + TALER_planchet_setup_coin_priv (&ps, + &alg_values, + &coin_priv); + TALER_planchet_blinding_secret_create (&ps, + &alg_values, + &bks); for (unsigned int i = 0; i