From d3b714922f2fecfeda09a9331a48ba58ab42857a Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Fri, 4 Dec 2020 12:09:27 +0100 Subject: conditionally use (un)blinding implementation from libgnunetutil
---
 src/exchange/taler-exchange-httpd_recoup.c | 10 ++-- src/include/taler_crypto_lib.h | 33 ++++++++++++ src/lib/exchange_api_link.c | 6 +-- src/util/crypto.c | 83 +++++++++++++++++++++++++++--- src/util/test_helper_rsa.c | 26 +++++----- 5 files changed, 129 insertions(+), 29 deletions(-)
diff --git a/src/exchange/taler-exchange-httpd_recoup.c b/src/exchange/taler-exchange-httpd_recoup.c
index 083950f81..fe8b8d603 100644
--- a/src/exchange/taler-exchange-httpd_recoup.c
+++ b/src/exchange/taler-exchange-httpd_recoup.c
@@ -438,11 +438,11 @@ verify_and_execute_recoup (struct MHD_Connection *connection,
 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
 &c_hash);
 if (GNUNET_YES !=
- GNUNET_CRYPTO_rsa_blind (&c_hash,
- &coin_bks->bks,
- dki->denom_pub.rsa_public_key,
- &coin_ev,
- &coin_ev_size))
+ TALER_rsa_blind (&c_hash,
+ &coin_bks->bks,
+ dki->denom_pub.rsa_public_key,
+ &coin_ev,
+ &coin_ev_size))
 {
 GNUNET_break (0);
 TEH_KS_release (key_state);
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index ae7385058..5e50ddd3f 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1142,4 +1142,37 @@ TALER_merchant_wire_signature_make (
 struct TALER_MerchantSignatureP *merch_sig);
+/**
+ * Blinds the given message with the given blinding key
+ *
+ * @param hash hash of the message to sign
+ * @param bkey the blinding key
+ * @param pkey the public key of the signer
+ * @param[out] buf set to a buffer with the blinded message to be signed
+ * @param[out] buf_size number of bytes stored in @a buf
+ * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
+ */
+int
+TALER_rsa_blind (const struct GNUNET_HashCode *hash,
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey,
+ void **buf,
+ size_t *buf_size);
+
+
+/**
+ * Unblind a blind-signed signature. The signature should have been generated
+ * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
+ * #GNUNET_CRYPTO_rsa_blind().
+ *
+ * @param sig the signature made on the blinded signature purpose
+ * @param bks the blinding key secret used to blind the signature purpose
+ * @param pkey the public key of the signer
+ * @return unblinded signature on success, NULL if RSA key is bad or malicious.
+ */
+struct GNUNET_CRYPTO_RsaSignature *
+TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey);
+
 #endif
diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c
index 383efba5b..33a77cddf 100644
--- a/src/lib/exchange_api_link.c
+++ b/src/lib/exchange_api_link.c
@@ -123,9 +123,9 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh,
 /* extract coin and signature */
 *coin_priv = fc.coin_priv;
 sig->rsa_signature
- = GNUNET_CRYPTO_rsa_unblind (bsig,
- &fc.blinding_key.bks,
- rpub);
+ = TALER_rsa_unblind (bsig,
+ &fc.blinding_key.bks,
+ rpub);
 /* verify link_sig */
 {
 struct TALER_PlanchetDetail pd;
diff --git a/src/util/crypto.c b/src/util/crypto.c
index b75cd8b4e..1b829c9f3 100644
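Review bot: The `@param bkey` tag in the TALER_rsa_blind comment does not match the prototype, which names the parameter `bks`; it should read `@param bks the blinding key secret`. The TALER_rsa_unblind comment still says the hash was blinded with `#GNUNET_CRYPTO_rsa_blind()`, which would better point to `#TALER_rsa_blind()` now that callers go through the wrapper. Neither comment says who releases the buffer returned in `*buf` or the returned signature, and callers of a crypto API need that stated. Both comments are copied unchanged above the definitions in the last hunk of src/util/crypto.c, so the same corrections apply there.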
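Review bot: In parse_link_coin, `sig->rsa_signature` receives the result of `TALER_rsa_unblind` and the code moves on to the link_sig verification block with no NULL test in between, while the header added by this commit documents a NULL return for a bad or malicious RSA key. The key and blinded signature here appear to come from the exchange's response, so a guard `if (NULL == sig->rsa_signature)` that fails the parse right after the call would make that case explicit. TALER_planchet_to_coin in src/util/crypto.c has the same shape: `sig` is passed to `GNUNET_CRYPTO_rsa_verify` unchecked, and whether that function accepts NULL is not visible on this page. Both functions continue past their hunks, so a later check may already exist.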
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -25,6 +25,19 @@
 #include "taler_util.h"
 #include
+/**
+ * Should we use the RSA blind signing implementation
+ * from libgnunetutil? The blinding only works
+ * correctly with a current version of libgnunetutil.
+ *
+ * Only applies to blinding and unblinding, but
+ * not to blind signing.
+ *
+ * FIXME: Can we define some macro for this in configure.ac
+ * to detect the version?
+ */
+#define USE_GNUNET_RSA_BLINDING 1
+
 /**
 * Function called by libgcrypt on serious errors.
@@ -245,11 +258,11 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
 sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
 c_hash);
 if (GNUNET_YES !=
- GNUNET_CRYPTO_rsa_blind (c_hash,
- &ps->blinding_key.bks,
- dk->rsa_public_key,
- &pd->coin_ev,
- &pd->coin_ev_size))
+ TALER_rsa_blind (c_hash,
+ &ps->blinding_key.bks,
+ dk->rsa_public_key,
+ &pd->coin_ev,
+ &pd->coin_ev_size))
 {
 GNUNET_break_op (0);
 return GNUNET_SYSERR;
@@ -280,9 +293,9 @@ TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
 {
 struct GNUNET_CRYPTO_RsaSignature *sig;
- sig = GNUNET_CRYPTO_rsa_unblind (blind_sig,
- &ps->blinding_key.bks,
- dk->rsa_public_key);
+ sig = TALER_rsa_unblind (blind_sig,
+ &ps->blinding_key.bks,
+ dk->rsa_public_key);
 if (GNUNET_OK !=
 GNUNET_CRYPTO_rsa_verify (c_hash,
 sig,
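Review bot: `USE_GNUNET_RSA_BLINDING` is fixed at 1 and nothing in the first hunk of this file tests the libgnunetutil version, so a build against an older library, which the comment says does not blind correctly, compiles and links without complaint. Until the configure.ac probe from the FIXME exists, the build should refuse an unsuitable library rather than rely on someone reading this comment. The `#else` branches of both wrappers at the end of this file are `# error "FIXME: implement"`, so setting the macro to 0 cannot build either; the comment should say so, for example `Setting this to 0 currently fails the build; no Taler-side implementation exists yet.`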
@@ -381,4 +394,58 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
 }
+/**
+ * Blinds the given message with the given blinding key
+ *
+ * @param hash hash of the message to sign
+ * @param bkey the blinding key
+ * @param pkey the public key of the signer
+ * @param[out] buf set to a buffer with the blinded message to be signed
+ * @param[out] buf_size number of bytes stored in @a buf
+ * @return #GNUNET_YES if successful, #GNUNET_NO if RSA key is malicious
+ */
+int
+TALER_rsa_blind (const struct GNUNET_HashCode *hash,
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey,
+ void **buf,
+ size_t *buf_size)
+{
+#if USE_GNUNET_RSA_BLINDING
+ return GNUNET_CRYPTO_rsa_blind (hash,
+ bks,
+ pkey,
+ buf,
+ buf_size);
+#else
+# error "FIXME: implement"
+#endif
+}
+
+
+/**
+ * Unblind a blind-signed signature. The signature should have been generated
+ * with #GNUNET_CRYPTO_rsa_sign() using a hash that was blinded with
+ * #GNUNET_CRYPTO_rsa_blind().
+ *
+ * @param sig the signature made on the blinded signature purpose
+ * @param bks the blinding key secret used to blind the signature purpose
+ * @param pkey the public key of the signer
+ * @return unblinded signature on success, NULL if RSA key is bad or malicious.
+ */
+struct GNUNET_CRYPTO_RsaSignature *
+TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
+ const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
+ struct GNUNET_CRYPTO_RsaPublicKey *pkey)
+{
+#if USE_GNUNET_RSA_BLINDING
+ return GNUNET_CRYPTO_rsa_unblind (sig,
+ bks,
+ pkey);
+#else
+# error "FIXME: implement"
+#endif
+}
+
+
 /* end of crypto.c */
diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c
index f291f27e4..f86ebdefb 100644
--- a/src/util/test_helper_rsa.c
+++ b/src/util/test_helper_rsa.c
@@ -254,11 +254,11 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
 void *buf;
 size_t buf_size;
 GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_rsa_blind (&m_hash,
- &bks,
- keys[i].denom_pub.rsa_public_key,
- &buf,
- &buf_size));
+ TALER_rsa_blind (&m_hash,
+ &bks,
+ keys[i].denom_pub.rsa_public_key,
+ &buf,
+ &buf_size));
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
 "Requesting signature over %u bytes with key %s\n",
 (unsigned int) buf_size,
@@ -290,9 +290,9 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh)
 {
 struct GNUNET_CRYPTO_RsaSignature *rs;
- rs = GNUNET_CRYPTO_rsa_unblind (ds.rsa_signature,
- &bks,
- keys[i].denom_pub.rsa_public_key);
+ rs = TALER_rsa_unblind (ds.rsa_signature,
+ &bks,
+ keys[i].denom_pub.rsa_public_key);
 if (NULL == rs)
 {
 GNUNET_break (0);
@@ -409,11 +409,11 @@ perf_signing (struct TALER_CRYPTO_DenominationHelper *dh)
 size_t buf_size;
 GNUNET_assert (GNUNET_YES ==
- GNUNET_CRYPTO_rsa_blind (&m_hash,
- &bks,
- keys[i].denom_pub.rsa_public_key,
- &buf,
- &buf_size));
+ TALER_rsa_blind (&m_hash,
+ &bks,
+ keys[i].denom_pub.rsa_public_key,
+ &buf,
+ &buf_size));
 /* use this key as long as it works */
 while (1)
 {
-- cgit v1.2.3