From 32bb3b14bf5cd623714985c8ca7fed0c5a923336 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Tue, 24 May 2016 20:13:31 +0200 Subject: fix #4483 --- src/exchange-lib/exchange_api_refresh.c | 171 ++++++--------------------- src/exchange-lib/exchange_api_refresh_link.c | 36 ++---- src/exchange-lib/exchange_api_reserve.c | 10 +- src/exchange-lib/test_exchange_api.c | 12 +- 4 files changed, 56 insertions(+), 173 deletions(-) (limited to 'src/exchange-lib') diff --git a/src/exchange-lib/exchange_api_refresh.c b/src/exchange-lib/exchange_api_refresh.c index e98b3c782..5f519a684 100644 --- a/src/exchange-lib/exchange_api_refresh.c +++ b/src/exchange-lib/exchange_api_refresh.c @@ -105,13 +105,9 @@ struct FreshCoinP struct TALER_CoinSpendPrivateKeyP coin_priv; /** - * Size of the encoded blinding key that follows. + * The blinding key. */ - uint32_t bbuf_size; - - /* Followed by serialization of: - - struct TALER_DenominationBlindingKey blinding_key; - */ + struct TALER_DenominationBlindingKeyP blinding_key; }; @@ -204,26 +200,6 @@ struct MeltedCoin }; -/** - * Coin-specific information about the fresh coins we generate during - * a melt. - */ -struct FreshCoin -{ - - /** - * Private key of the coin. - */ - struct TALER_CoinSpendPrivateKeyP coin_priv; - - /** - * Blinding key used for blinding during blind signing. - */ - struct TALER_DenominationBlindingKey blinding_key; - -}; - - /** * Melt data in non-serialized format for convenient processing. */ @@ -260,7 +236,7 @@ struct MeltData * Arrays of @e num_fresh_coins with information about the fresh * coins to be created, for each cut-and-choose dimension. */ - struct FreshCoin *fresh_coins[TALER_CNC_KAPPA]; + struct FreshCoinP *fresh_coins[TALER_CNC_KAPPA]; }; 
@@ -280,22 +256,6 @@ free_melted_coin (struct MeltedCoin *mc) } -/** - * Free all information associated with a fresh coin. - * - * @param fc fresh coin to release, the pointer itself is NOT - * freed (as it is typically not allocated by itself) - */ -static void -free_fresh_coin (struct FreshCoin *fc) -{ - if (NULL == fc) - return; - if (NULL != fc->blinding_key.rsa_blinding_key) - GNUNET_CRYPTO_rsa_blinding_key_free (fc->blinding_key.rsa_blinding_key); -} - - /** * Free all information associated with a melting session. Note * that we allow the melting session to be only partially initialized, @@ -309,7 +269,6 @@ static void free_melt_data (struct MeltData *md) { unsigned int i; - unsigned int j; free_melted_coin (&md->melted_coin); if (NULL != md->fresh_pks) @@ -321,11 +280,7 @@ free_melt_data (struct MeltData *md) } for (i=0;inum_fresh_coins;j++) - free_fresh_coin (&md->fresh_coins[i][j]); GNUNET_free (md->fresh_coins[i]); - } /* Finally, clean up a bit... (NOTE: compilers might optimize this away, so this is not providing any strong assurances that the key material 
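Review bot: In free_melt_data the `md->fresh_coins[i]` arrays are now released with a bare `GNUNET_free`, although each element is a struct FreshCoinP that holds the coin private key and the blinding secret inline. The comment at the end of this hunk already concedes that the final clean-up may be optimised away, and that clean-up is outside the hunk, so nothing visible here wipes these heap arrays. Wiping each non-NULL array before the free with a call the compiler cannot elide would close the gap, for example `explicit_bzero (md->fresh_coins[i], md->num_fresh_coins * sizeof (struct FreshCoinP));` where the platform provides it. The same concern applies to the by-value copy `wsh->blinding_key = *blinding_key;` introduced in exchange_api_reserve.c, which should be wiped when the handle is released. free_melt_data continues past the end of the hunk.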
@@ -567,31 +522,15 @@ deserialize_denomination_key (struct TALER_DenominationPublicKey *dk, * @a buf is NULL, number of bytes required */ static size_t -serialize_fresh_coin (const struct FreshCoin *fc, +serialize_fresh_coin (const struct FreshCoinP *fc, char *buf, size_t off) { - struct FreshCoinP fcp; - char *bbuf; - size_t bbuf_size; - - bbuf_size = GNUNET_CRYPTO_rsa_blinding_key_encode (fc->blinding_key.rsa_blinding_key, - &bbuf); - if (NULL == buf) - { - GNUNET_free (bbuf); - return sizeof (struct FreshCoinP) + bbuf_size; - } - fcp.coin_priv = fc->coin_priv; - fcp.bbuf_size = htonl ((uint32_t) bbuf_size); - memcpy (&buf[off], - &fcp, - sizeof (struct FreshCoinP)); - memcpy (&buf[off + sizeof (struct FreshCoinP)], - bbuf, - bbuf_size); - GNUNET_free (bbuf); - return sizeof (struct FreshCoinP) + bbuf_size; + if (NULL != buf) + memcpy (&buf[off], + fc, + sizeof (struct FreshCoinP)); + return sizeof (struct FreshCoinP); } @@ -605,41 +544,21 @@ serialize_fresh_coin (const struct FreshCoin *fc, * @return number of bytes read from @a buf, 0 on error */ static size_t -deserialize_fresh_coin (struct FreshCoin *fc, +deserialize_fresh_coin (struct FreshCoinP *fc, const char *buf, size_t size, int *ok) { - struct FreshCoinP fcp; - size_t bbuf_size; - if (size < sizeof (struct FreshCoinP)) { GNUNET_break (0); *ok = GNUNET_NO; return 0; } - memcpy (&fcp, + memcpy (fc, buf, sizeof (struct FreshCoinP)); - bbuf_size = ntohl (fcp.bbuf_size); - if (size < sizeof (struct FreshCoinP) + bbuf_size) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - fc->blinding_key.rsa_blinding_key - = GNUNET_CRYPTO_rsa_blinding_key_decode (&buf[sizeof (struct FreshCoinP)], - bbuf_size); - if (NULL == fc->blinding_key.rsa_blinding_key) - { - GNUNET_break (0); - *ok = GNUNET_NO; - return 0; - } - fc->coin_priv = fcp.coin_priv; - return sizeof (struct FreshCoinP) + bbuf_size; + return sizeof (struct FreshCoinP); } 
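Review bot: deserialize_fresh_coin now accepts any input of at least `sizeof (struct FreshCoinP)` bytes and copies it straight into the key fields, so a blob written in the previous length-prefixed format would be decoded as key material without an error. If serialized refresh data can outlive an upgrade, a format version in the enclosing header (struct MeltDataP, not shown in this diff) or an explicit note that old blobs are invalid would make the break visible. The raw `memcpy` in both serialize_fresh_coin and deserialize_fresh_coin also relies on struct FreshCoinP having no padding; a comment such as `/* FreshCoinP is a packed wire struct; copied byte-for-byte */` would record that assumption.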
@@ -734,7 +653,7 @@ deserialize_melt_data (const char *buf, struct TALER_DenominationPublicKey); for (i=0;ifresh_coins[i] = GNUNET_new_array (md->num_fresh_coins, - struct FreshCoin); + struct FreshCoinP); off = sizeof (struct MeltDataP); ok = GNUNET_YES; off += deserialize_melted_coin (&md->melted_coin, @@ -775,18 +694,17 @@ deserialize_melt_data (const char *buf, * @param pk denomination information for the fresh coin */ static void -setup_fresh_coin (struct FreshCoin *fc, +setup_fresh_coin (struct FreshCoinP *fc, const struct TALER_EXCHANGE_DenomPublicKey *pk) { struct GNUNET_CRYPTO_EddsaPrivateKey *epk; - unsigned int len; epk = GNUNET_CRYPTO_eddsa_key_create (); fc->coin_priv.eddsa_priv = *epk; GNUNET_free (epk); - len = GNUNET_CRYPTO_rsa_public_key_len (pk->key.rsa_public_key); - fc->blinding_key.rsa_blinding_key - = GNUNET_CRYPTO_rsa_blinding_key_create (len); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &fc->blinding_key, + sizeof (fc->blinding_key)); } @@ -879,7 +797,7 @@ TALER_EXCHANGE_refresh_prepare (const struct TALER_CoinSpendPrivateKeyP *melt_pr for (i=0;icoin_priv.eddsa_priv, @@ -936,7 +852,7 @@ TALER_EXCHANGE_refresh_prepare (const struct TALER_CoinSpendPrivateKeyP *melt_pr sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), &coin_hash); coin_ev_size = GNUNET_CRYPTO_rsa_blind (&coin_hash, - fc->blinding_key.rsa_blinding_key, + &fc->blinding_key.bks, md.fresh_pks[j].rsa_public_key, &coin_ev); GNUNET_CRYPTO_hash_context_read (hash_context, 
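Review bot: After this change `pk` is no longer read anywhere in setup_fresh_coin, because the blinding key is filled by `GNUNET_CRYPTO_random_block` instead of being sized from the denomination key. Either drop the parameter together with its argument at the call in TALER_EXCHANGE_refresh_prepare, or keep it and say so in the doc comment, e.g. `@param pk denomination information for the fresh coin (currently unused)`. Separately, `epk` still contains a copy of the coin's private key when it is handed to `GNUNET_free`; wiping it first would keep that copy from lingering on the heap.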
@@ -946,15 +862,12 @@ TALER_EXCHANGE_refresh_prepare (const struct TALER_CoinSpendPrivateKeyP *melt_pr rld.coin_priv = fc->coin_priv; rld.blinding_key = fc->blinding_key; - rle = TALER_refresh_encrypt (&rld, - &md.link_secrets[i]); - link_enc = TALER_refresh_link_encrypted_encode (rle, - &link_enc_size); - + TALER_refresh_encrypt (&rld, + &md.link_secrets[i], + &rle); GNUNET_CRYPTO_hash_context_read (hash_context, - link_enc, - link_enc_size); - GNUNET_free (link_enc); + &rle, + sizeof (rle)); } } for (i = 0; i < TALER_CNC_KAPPA; i++) @@ -1431,25 +1344,17 @@ TALER_EXCHANGE_refresh_melt (struct TALER_EXCHANGE_Handle *exchange, tmp = json_array (); for (i=0;inum_fresh_coins;i++) { - const struct FreshCoin *fc = &md->fresh_coins[j][i]; - struct TALER_RefreshLinkDecrypted rld; - struct TALER_RefreshLinkEncrypted *rle; - char *buf; - size_t buf_len; + const struct FreshCoinP *fc = &md->fresh_coins[j][i]; + struct TALER_RefreshLinkDecryptedP rld; + struct TALER_RefreshLinkEncryptedP rle; rld.coin_priv = fc->coin_priv; rld.blinding_key = fc->blinding_key; - rle = TALER_refresh_encrypt (&rld, - &md->link_secrets[j]); - GNUNET_assert (NULL != rle); - buf = TALER_refresh_link_encrypted_encode (rle, - &buf_len); - GNUNET_assert (NULL != buf); + TALER_refresh_encrypt (&rld, + &md->link_secrets[j], + &rle); json_array_append (tmp, - GNUNET_JSON_from_data (buf, - buf_len)); - GNUNET_free (buf); - GNUNET_free (rle); + GNUNET_JSON_from_data_auto (&rle)); } json_array_append (link_encs, tmp); @@ -1461,7 +1366,7 @@ TALER_EXCHANGE_refresh_melt (struct TALER_EXCHANGE_Handle *exchange, tmp = json_array (); for (i=0;inum_fresh_coins;i++) { - const struct FreshCoin *fc = &md->fresh_coins[j][i]; + const struct FreshCoinP *fc = &md->fresh_coins[j][i]; struct TALER_CoinSpendPublicKeyP coin_pub; struct GNUNET_HashCode coin_hash; char *coin_ev; /* blinded message to be signed (in envelope) for each coin */ 
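Review bot: In the TALER_EXCHANGE_refresh_prepare hunk the session hash now covers `&rle` with `sizeof (rle)`, i.e. the in-memory bytes of struct TALER_RefreshLinkEncryptedP, and the TALER_EXCHANGE_refresh_melt hunk transmits the same bytes through `GNUNET_JSON_from_data_auto (&rle)`. The two only agree with what the exchange recomputes if that struct is packed and fully written by TALER_refresh_encrypt; its definition and return type are outside this diff, so this is worth confirming. A short comment at both sites, such as `/* rle is a packed wire struct; hashed and sent byte-for-byte */`, would record the assumption. The removed refresh_melt code asserted on the result of TALER_refresh_encrypt; if the new function can still fail, that check should be kept so an unset `rle` is never hashed or sent.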
@@ -1473,7 +1378,7 @@ TALER_EXCHANGE_refresh_melt (struct TALER_EXCHANGE_Handle *exchange, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), &coin_hash); coin_ev_size = GNUNET_CRYPTO_rsa_blind (&coin_hash, - fc->blinding_key.rsa_blinding_key, + &fc->blinding_key.bks, md->fresh_pks[i].rsa_public_key, &coin_ev); json_array_append (tmp, @@ -1655,7 +1560,7 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshRevealHandle *rrh, } for (i=0;imd->num_fresh_coins;i++) { - const struct FreshCoin *fc; + const struct FreshCoinP *fc; struct TALER_DenominationPublicKey *pk; json_t *jsonai; struct GNUNET_CRYPTO_RsaSignature *blind_sig; @@ -1684,7 +1589,7 @@ refresh_reveal_ok (struct TALER_EXCHANGE_RefreshRevealHandle *rrh, /* unblind the signature */ sig = GNUNET_CRYPTO_rsa_unblind (blind_sig, - fc->blinding_key.rsa_blinding_key, + &fc->blinding_key.bks, pk->rsa_public_key); GNUNET_CRYPTO_rsa_signature_free (blind_sig); diff --git a/src/exchange-lib/exchange_api_refresh_link.c b/src/exchange-lib/exchange_api_refresh_link.c index cd3f6d72b..754a61d82 100644 --- a/src/exchange-lib/exchange_api_refresh_link.c +++ b/src/exchange-lib/exchange_api_refresh_link.c 
@@ -91,20 +91,18 @@ parse_refresh_link_coin (const struct TALER_EXCHANGE_RefreshLinkHandle *rlh, struct TALER_DenominationSignature *sig, struct TALER_DenominationPublicKey *pub) { - void *link_enc; - size_t link_enc_size; struct GNUNET_CRYPTO_RsaSignature *bsig; struct GNUNET_CRYPTO_RsaPublicKey *rpub; + struct TALER_RefreshLinkEncryptedP rle; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_varsize ("link_enc", &link_enc, &link_enc_size), + GNUNET_JSON_spec_fixed_auto ("link_enc", &rle), GNUNET_JSON_spec_rsa_public_key ("denom_pub", &rpub), GNUNET_JSON_spec_rsa_signature ("ev_sig", &bsig), GNUNET_JSON_spec_end() }; - struct TALER_RefreshLinkEncrypted *rle; - struct TALER_RefreshLinkDecrypted *rld; + struct TALER_RefreshLinkDecryptedP rld; struct TALER_LinkSecretP secret; - + /* parse reply */ if (GNUNET_OK != GNUNET_JSON_parse (json, @@ -115,15 +113,6 @@ parse_refresh_link_coin (const struct TALER_EXCHANGE_RefreshLinkHandle *rlh, return GNUNET_SYSERR; } - /* decode and decrypt link data */ - rle = TALER_refresh_link_encrypted_decode (link_enc, - link_enc_size); - if (NULL == rle) - { - GNUNET_break_op (0); - GNUNET_JSON_parse_free (spec); - return GNUNET_SYSERR; - } if (GNUNET_OK != TALER_link_decrypt_secret2 (secret_enc, trans_pub, @@ -134,24 +123,17 @@ parse_refresh_link_coin (const struct TALER_EXCHANGE_RefreshLinkHandle *rlh, GNUNET_JSON_parse_free (spec); return GNUNET_SYSERR; } - rld = TALER_refresh_decrypt (rle, - &secret); - if (NULL == rld) - { - GNUNET_break_op (0); - GNUNET_JSON_parse_free (spec); - return GNUNET_SYSERR; - } + TALER_refresh_decrypt (&rle, + &secret, + &rld); /* extract coin and signature */ - *coin_priv = rld->coin_priv; + *coin_priv = rld.coin_priv; sig->rsa_signature = GNUNET_CRYPTO_rsa_unblind (bsig, - rld->blinding_key.rsa_blinding_key, + &rld.blinding_key.bks, rpub); - /* clean up */ - GNUNET_free (rld); pub->rsa_public_key = GNUNET_CRYPTO_rsa_public_key_dup (rpub); GNUNET_JSON_parse_free (spec); return GNUNET_OK; 
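Review bot: The result of `TALER_refresh_decrypt (&rle, &secret, &rld);` is not checked, whereas the removed code returned GNUNET_SYSERR when decryption failed. `rle` is parsed from the exchange's JSON reply, so if the new function can report failure (its prototype is outside this diff) `rld` would reach `GNUNET_CRYPTO_rsa_unblind` uninitialised; in that case the `GNUNET_break_op (0); GNUNET_JSON_parse_free (spec); return GNUNET_SYSERR;` path should stay. `rld` and `secret` also hold the coin private key and the link secret on the stack and are not wiped before `return GNUNET_OK;`. The end of parse_refresh_link_coin is outside the hunk.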
diff --git a/src/exchange-lib/exchange_api_reserve.c b/src/exchange-lib/exchange_api_reserve.c index 56cc3dc54..9c0314d0f 100644 --- a/src/exchange-lib/exchange_api_reserve.c +++ b/src/exchange-lib/exchange_api_reserve.c @@ -497,7 +497,7 @@ struct TALER_EXCHANGE_ReserveWithdrawHandle /** * Key used to blind the value. */ - const struct TALER_DenominationBlindingKey *blinding_key; + struct TALER_DenominationBlindingKeyP blinding_key; /** * Denomination key we are withdrawing. @@ -557,7 +557,7 @@ reserve_withdraw_ok (struct TALER_EXCHANGE_ReserveWithdrawHandle *wsh, return GNUNET_SYSERR; } sig = GNUNET_CRYPTO_rsa_unblind (blind_sig, - wsh->blinding_key->rsa_blinding_key, + &wsh->blinding_key.bks, wsh->pk->key.rsa_public_key); GNUNET_CRYPTO_rsa_signature_free (blind_sig); if (GNUNET_OK != @@ -777,7 +777,7 @@ TALER_EXCHANGE_reserve_withdraw (struct TALER_EXCHANGE_Handle *exchange, const struct TALER_EXCHANGE_DenomPublicKey *pk, const struct TALER_ReservePrivateKeyP *reserve_priv, const struct TALER_CoinSpendPrivateKeyP *coin_priv, - const struct TALER_DenominationBlindingKey *blinding_key, + const struct TALER_DenominationBlindingKeyP *blinding_key, TALER_EXCHANGE_ReserveWithdrawResultCallback res_cb, void *res_cb_cls) { @@ -804,7 +804,7 @@ TALER_EXCHANGE_reserve_withdraw (struct TALER_EXCHANGE_Handle *exchange, sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey), &wsh->c_hash); coin_ev_size = GNUNET_CRYPTO_rsa_blind (&wsh->c_hash, - blinding_key->rsa_blinding_key, + &blinding_key->bks, pk->key.rsa_public_key, &coin_ev); GNUNET_CRYPTO_eddsa_key_get_public (&reserve_priv->eddsa_priv, @@ -845,7 +845,7 @@ TALER_EXCHANGE_reserve_withdraw (struct TALER_EXCHANGE_Handle *exchange, "reserve_sig", GNUNET_JSON_from_data_auto (&reserve_sig)); GNUNET_free (coin_ev); - wsh->blinding_key = blinding_key; + wsh->blinding_key = *blinding_key; wsh->url = MAH_path_to_url (exchange, "/reserve/withdraw"); eh = curl_easy_init (); 
diff --git a/src/exchange-lib/test_exchange_api.c b/src/exchange-lib/test_exchange_api.c index 6612609fa..c9140b3fb 100644 --- a/src/exchange-lib/test_exchange_api.c +++ b/src/exchange-lib/test_exchange_api.c @@ -328,7 +328,7 @@ struct Command /** * Blinding key used for the operation. */ - struct TALER_DenominationBlindingKey blinding_key; + struct TALER_DenominationBlindingKeyP blinding_key; /** * Withdraw handle (while operation is running). @@ -1796,8 +1796,9 @@ interpreter_run (void *cls) } GNUNET_CRYPTO_eddsa_key_get_public (&cmd->details.reserve_withdraw.coin_priv.eddsa_priv, &coin_pub.eddsa_pub); - cmd->details.reserve_withdraw.blinding_key.rsa_blinding_key - = GNUNET_CRYPTO_rsa_blinding_key_create (GNUNET_CRYPTO_rsa_public_key_len (cmd->details.reserve_withdraw.pk->key.rsa_public_key)); + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK, + &cmd->details.reserve_withdraw.blinding_key, + sizeof (cmd->details.reserve_withdraw.blinding_key)); cmd->details.reserve_withdraw.wsh = TALER_EXCHANGE_reserve_withdraw (exchange, cmd->details.reserve_withdraw.pk, @@ -2411,11 +2412,6 @@ do_shutdown (void *cls) GNUNET_CRYPTO_rsa_signature_free (cmd->details.reserve_withdraw.sig.rsa_signature); cmd->details.reserve_withdraw.sig.rsa_signature = NULL; } - if (NULL != cmd->details.reserve_withdraw.blinding_key.rsa_blinding_key) - { - GNUNET_CRYPTO_rsa_blinding_key_free (cmd->details.reserve_withdraw.blinding_key.rsa_blinding_key); - cmd->details.reserve_withdraw.blinding_key.rsa_blinding_key = NULL; - } break; case OC_DEPOSIT: if (NULL != cmd->details.deposit.dh) -- cgit v1.2.3
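Review bot: The blinding key in interpreter_run is drawn with `GNUNET_CRYPTO_QUALITY_WEAK`, while setup_fresh_coin in exchange_api_refresh.c uses `GNUNET_CRYPTO_QUALITY_STRONG` for the same kind of secret. That is reasonable for a test, but this file is an obvious template for client code, so a comment above the call such as `/* WEAK is acceptable only because this is a test; real clients must use GNUNET_CRYPTO_QUALITY_STRONG */` would keep the weaker setting from being copied. interpreter_run extends beyond the hunk.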