From 19624fd776f28812354f7e2b50b26e984ff077ab Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Sun, 20 Feb 2022 21:51:41 +0100 Subject: -ensure different HKDF is used in melt vs. withdraw --- src/exchange/taler-exchange-httpd_csr.c | 12 +-- src/exchange/taler-exchange-httpd_keys.c | 96 +++++++++++++++++++--- src/exchange/taler-exchange-httpd_keys.h | 47 +++++++++-- .../taler-exchange-httpd_refreshes_reveal.c | 6 +- src/exchange/taler-exchange-httpd_withdraw.c | 2 +- 5 files changed, 136 insertions(+), 27 deletions(-) (limited to 'src/exchange') diff --git a/src/exchange/taler-exchange-httpd_csr.c b/src/exchange/taler-exchange-httpd_csr.c index 423835979..94b55c706 100644 --- a/src/exchange/taler-exchange-httpd_csr.c +++ b/src/exchange/taler-exchange-httpd_csr.c @@ -179,9 +179,9 @@ TEH_handler_csr_melt (struct TEH_RequestContext *rc, /* derive r_pub */ // FIXME: bundle all requests into one derivation request (TEH_keys_..., crypto helper, security module) - ec = TEH_keys_denomination_cs_r_pub (denom_pub_hash, - nonce, - r_pub); + ec = TEH_keys_denomination_cs_r_pub_melt (denom_pub_hash, + nonce, + r_pub); if (TALER_EC_NONE != ec) { GNUNET_break (0); @@ -316,9 +316,9 @@ TEH_handler_csr_withdraw (struct TEH_RequestContext *rc, { enum TALER_ErrorCode ec; - ec = TEH_keys_denomination_cs_r_pub (&denom_pub_hash, - &nonce, - &ewv.details.cs_values); + ec = TEH_keys_denomination_cs_r_pub_withdraw (&denom_pub_hash, + &nonce, + &ewv.details.cs_values); if (TALER_EC_NONE != ec) { GNUNET_break (0); diff --git a/src/exchange/taler-exchange-httpd_keys.c b/src/exchange/taler-exchange-httpd_keys.c index 695ce9777..60c9c6eb0 100644 --- a/src/exchange/taler-exchange-httpd_keys.c +++ b/src/exchange/taler-exchange-httpd_keys.c 
@@ -2432,9 +2432,49 @@ TEH_keys_denomination_by_hash2 ( enum TALER_ErrorCode -TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub, - const struct TALER_BlindedPlanchet *bp, - struct TALER_BlindedDenominationSignature *bs) +TEH_keys_denomination_sign_withdraw ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_BlindedPlanchet *bp, + struct TALER_BlindedDenominationSignature *bs) +{ + struct TEH_KeyStateHandle *ksh; + struct HelperDenomination *hd; + + ksh = TEH_keys_get_state (); + if (NULL == ksh) + return TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING; + hd = GNUNET_CONTAINER_multihashmap_get (ksh->helpers->denom_keys, + &h_denom_pub->hash); + if (NULL == hd) + return TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN; + if (bp->cipher != hd->denom_pub.cipher) + return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; + switch (hd->denom_pub.cipher) + { + case TALER_DENOMINATION_RSA: + return TALER_CRYPTO_helper_rsa_sign ( + ksh->helpers->rsadh, + &hd->h_details.h_rsa, + bp->details.rsa_blinded_planchet.blinded_msg, + bp->details.rsa_blinded_planchet.blinded_msg_size, + bs); + case TALER_DENOMINATION_CS: + return TALER_CRYPTO_helper_cs_sign_withdraw ( + ksh->helpers->csdh, + &hd->h_details.h_cs, + &bp->details.cs_blinded_planchet, + bs); + default: + return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; + } +} + + +enum TALER_ErrorCode +TEH_keys_denomination_sign_melt ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_BlindedPlanchet *bp, + struct TALER_BlindedDenominationSignature *bs) { struct TEH_KeyStateHandle *ksh; struct HelperDenomination *hd; @@ -2458,7 +2498,7 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub, bp->details.rsa_blinded_planchet.blinded_msg_size, bs); case TALER_DENOMINATION_CS: - return TALER_CRYPTO_helper_cs_sign ( + return TALER_CRYPTO_helper_cs_sign_melt ( ksh->helpers->csdh, &hd->h_details.h_cs, &bp->details.cs_blinded_planchet, 
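Review bot: TEH_keys_denomination_sign_withdraw is a copy of TEH_keys_denomination_sign_melt except for the one CS helper call, so the key-state lookup and the cipher-mismatch check now exist twice and must be kept in sync by hand; the same applies to the TEH_keys_denomination_cs_r_pub_melt / _withdraw pair in the following keys.c hunks. Since keeping the melt and withdraw derivations apart is the purpose of this commit, I would put the shared checks in one static helper that takes a flag and make the two public functions thin wrappers, as sketched below. The RSA branch calls TALER_CRYPTO_helper_rsa_sign in both variants, so a short comment should say that the separation only concerns CS. The body of TEH_keys_denomination_sign_melt starts in this hunk and continues in the next one.

```c
/* Shared lookup and cipher check; @a for_melt selects the CS helper
   variant so that melt and withdraw never share a derivation. */
static enum TALER_ErrorCode
denomination_sign (
  const struct TALER_DenominationHash *h_denom_pub,
  const struct TALER_BlindedPlanchet *bp,
  bool for_melt,
  struct TALER_BlindedDenominationSignature *bs)
{
  /* … unchanged: TEH_keys_get_state(), denom_keys lookup, cipher match … */
  switch (hd->denom_pub.cipher)
  {
  case TALER_DENOMINATION_RSA:
    /* … unchanged: TALER_CRYPTO_helper_rsa_sign call, identical for both operations … */
  case TALER_DENOMINATION_CS:
    if (for_melt)
      return TALER_CRYPTO_helper_cs_sign_melt (
        ksh->helpers->csdh,
        &hd->h_details.h_cs,
        &bp->details.cs_blinded_planchet,
        bs);
    return TALER_CRYPTO_helper_cs_sign_withdraw (
      ksh->helpers->csdh,
      &hd->h_details.h_cs,
      &bp->details.cs_blinded_planchet,
      bs);
  default:
    return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE;
  }
}


enum TALER_ErrorCode
TEH_keys_denomination_sign_withdraw (
  const struct TALER_DenominationHash *h_denom_pub,
  const struct TALER_BlindedPlanchet *bp,
  struct TALER_BlindedDenominationSignature *bs)
{
  return denomination_sign (h_denom_pub, bp, false, bs);
}
```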
@@ -2470,10 +2510,42 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub, enum TALER_ErrorCode -TEH_keys_denomination_cs_r_pub (const struct - TALER_DenominationHash *h_denom_pub, - const struct TALER_CsNonce *nonce, - struct TALER_DenominationCSPublicRPairP *r_pub) +TEH_keys_denomination_cs_r_pub_melt ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_CsNonce *nonce, + struct TALER_DenominationCSPublicRPairP *r_pub) +{ + struct TEH_KeyStateHandle *ksh; + struct HelperDenomination *hd; + + ksh = TEH_keys_get_state (); + if (NULL == ksh) + { + return TALER_EC_EXCHANGE_GENERIC_KEYS_MISSING; + } + hd = GNUNET_CONTAINER_multihashmap_get (ksh->helpers->denom_keys, + &h_denom_pub->hash); + if (NULL == hd) + { + return TALER_EC_EXCHANGE_GENERIC_DENOMINATION_KEY_UNKNOWN; + } + if (TALER_DENOMINATION_CS != hd->denom_pub.cipher) + { + return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; + } + + return TALER_CRYPTO_helper_cs_r_derive_melt (ksh->helpers->csdh, + &hd->h_details.h_cs, + nonce, + r_pub); +} + + +enum TALER_ErrorCode +TEH_keys_denomination_cs_r_pub_withdraw ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_CsNonce *nonce, + struct TALER_DenominationCSPublicRPairP *r_pub) { struct TEH_KeyStateHandle *ksh; struct HelperDenomination *hd; @@ -2494,10 +2566,10 @@ TEH_keys_denomination_cs_r_pub (const struct return TALER_EC_GENERIC_INTERNAL_INVARIANT_FAILURE; } - return TALER_CRYPTO_helper_cs_r_derive (ksh->helpers->csdh, - &hd->h_details.h_cs, - nonce, - r_pub); + return TALER_CRYPTO_helper_cs_r_derive_withdraw (ksh->helpers->csdh, + &hd->h_details.h_cs, + nonce, + r_pub); } diff --git a/src/exchange/taler-exchange-httpd_keys.h b/src/exchange/taler-exchange-httpd_keys.h index a329c4f12..7c6fb3e33 100644 --- a/src/exchange/taler-exchange-httpd_keys.h +++ b/src/exchange/taler-exchange-httpd_keys.h 
@@ -169,22 +169,57 @@ TEH_keys_denomination_by_hash2 ( /** * Request to sign @a msg using the public key corresponding to - * @a h_denom_pub. + * @a h_denom_pub during a withdraw operation. * * @param h_denom_pub hash of the public key to use to sign * @param bp blinded planchet to sign + * @param is_melt should we use the KDF for melting? * @param[out] bs set to the blind signature on success * @return #TALER_EC_NONE on success */ enum TALER_ErrorCode -TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub, - const struct TALER_BlindedPlanchet *bp, - struct TALER_BlindedDenominationSignature *bs); +TEH_keys_denomination_sign_withdraw ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_BlindedPlanchet *bp, + struct TALER_BlindedDenominationSignature *bs); + + +/** + * Request to sign @a msg using the public key corresponding to + * @a h_denom_pub during a refresh operation. + * + * @param h_denom_pub hash of the public key to use to sign + * @param bp blinded planchet to sign + * @param is_melt should we use the KDF for melting? + * @param[out] bs set to the blind signature on success + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TEH_keys_denomination_sign_melt ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_BlindedPlanchet *bp, + struct TALER_BlindedDenominationSignature *bs); + + +/** + * Request to derive CS @a r_pub using the denomination corresponding to @a h_denom_pub + * and @a nonce for withdrawing. 
+ * + * @param h_denom_pub hash of the public key to use to derive r_pub + * @param nonce withdraw/refresh nonce + * @param[out] r_pub where to write the result + * @return #TALER_EC_NONE on success + */ +enum TALER_ErrorCode +TEH_keys_denomination_cs_r_pub_withdraw ( + const struct TALER_DenominationHash *h_denom_pub, + const struct TALER_CsNonce *nonce, + struct TALER_DenominationCSPublicRPairP *r_pub); /** * Request to derive CS @a r_pub using the denomination corresponding to @a h_denom_pub - * and @a nonce. + * and @a nonce for melting. * * @param h_denom_pub hash of the public key to use to derive r_pub * @param nonce withdraw/refresh nonce @@ -192,7 +227,7 @@ TEH_keys_denomination_sign (const struct TALER_DenominationHash *h_denom_pub, * @return #TALER_EC_NONE on success */ enum TALER_ErrorCode -TEH_keys_denomination_cs_r_pub ( +TEH_keys_denomination_cs_r_pub_melt ( const struct TALER_DenominationHash *h_denom_pub, const struct TALER_CsNonce *nonce, struct TALER_DenominationCSPublicRPairP *r_pub); diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c index 9e47f4664..0a4dd638b 100644 --- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c +++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c @@ -216,7 +216,7 @@ check_commitment (struct RevealContext *rctx, { enum TALER_ErrorCode ec; - ec = TEH_keys_denomination_cs_r_pub ( + ec = TEH_keys_denomination_cs_r_pub_melt ( &rctx->rrcs[j].h_denom_pub, &nonces[aoff], &alg_values->details.cs_values); @@ -733,7 +733,9 @@ clean_age: { enum TALER_ErrorCode ec; - ec = TEH_keys_denomination_sign ( + // FIXME: replace with a batch call that + // passes all coins in once go! + ec = TEH_keys_denomination_sign_melt ( &rrcs[i].h_denom_pub, &rcds[i].blinded_planchet, &rrcs[i].coin_sig); diff --git a/src/exchange/taler-exchange-httpd_withdraw.c b/src/exchange/taler-exchange-httpd_withdraw.c index cc6e92edf..5f159a429 100644 
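Review bot: The doc comments for TEH_keys_denomination_sign_withdraw and TEH_keys_denomination_sign_melt both gain `@param is_melt should we use the KDF for melting?`, but neither prototype takes an `is_melt` argument, so that line should be dropped from both blocks. Both comments also say `@a msg`, while the parameter being signed is `bp`. For the r_pub pair, `@param nonce withdraw/refresh nonce` is left generic in both variants; I would narrow it to `@param nonce withdraw nonce` and `@param nonce refresh nonce` respectively. It would also help to add one sentence to each of the four comments saying that the variant must match the operation the value was created for, which appears to be the invariant this split is meant to enforce.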
--- a/src/exchange/taler-exchange-httpd_withdraw.c +++ b/src/exchange/taler-exchange-httpd_withdraw.c @@ -505,7 +505,7 @@ TEH_handler_withdraw (struct TEH_RequestContext *rc, } /* Sign before transaction! */ - ec = TEH_keys_denomination_sign ( + ec = TEH_keys_denomination_sign_withdraw ( &wc.collectable.denom_pub_hash, &wc.blinded_planchet, &wc.collectable.sig); -- cgit v1.2.3