From 745719dbc1482734ab3ca7a20541ee8a12ecb69c Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 5 Aug 2016 16:08:19 +0200 Subject: first half of changing refresh protocol to derive all key data from DH --- src/exchange/taler-exchange-httpd_db.c | 61 ++++++--------- src/exchange/taler-exchange-httpd_db.h | 4 +- src/exchange/taler-exchange-httpd_refresh.c | 106 ++++++++------------------ src/exchange/taler-exchange-httpd_responses.c | 22 +----- src/exchange/taler-exchange-httpd_responses.h | 5 -- src/exchange/taler-exchange-httpd_test.c | 17 +---- 6 files changed, 67 insertions(+), 148 deletions(-) (limited to 'src/exchange') diff --git a/src/exchange/taler-exchange-httpd_db.c b/src/exchange/taler-exchange-httpd_db.c index 99805653e..9847a7ba3 100644 --- a/src/exchange/taler-exchange-httpd_db.c +++ b/src/exchange/taler-exchange-httpd_db.c @@ -973,7 +973,7 @@ refresh_check_melt (struct MHD_Connection *connection, * @param commit_coin 2d array of coin commitments (what the exchange is to sign * once the "/refres/reveal" of cut and choose is done), * x-dimension must be #TALER_CNC_KAPPA - * @param commit_link array of coin link commitments (what the exchange is + * @param transfer_pubs array of transfer public keys (what the exchange is * to return via "/refresh/link" to enable linkage in the * future) of length #TALER_CNC_KAPPA * @return MHD result code @@ -985,7 +985,7 @@ TMH_DB_execute_refresh_melt (struct MHD_Connection *connection, const struct TALER_DenominationPublicKey *denom_pubs, const struct TMH_DB_MeltDetails *coin_melt_detail, struct TALER_EXCHANGEDB_RefreshCommitCoin *const* commit_coin, - const struct TALER_RefreshCommitLinkP *commit_link) + const struct TALER_TransferPublicKeyP *transfer_pubs) { struct TMH_KS_StateHandle *key_state; struct TALER_EXCHANGEDB_RefreshSession refresh_session; 
@@ -1082,11 +1082,11 @@ TMH_DB_execute_refresh_melt (struct MHD_Connection *connection, for (i = 0; i < TALER_CNC_KAPPA; i++) { if (GNUNET_OK != - TMH_plugin->insert_refresh_commit_link (TMH_plugin->cls, - session, - session_hash, - i, - &commit_link[i])) + TMH_plugin->insert_refresh_transfer_public_key (TMH_plugin->cls, + session, + session_hash, + i, + &transfer_pubs[i])) { TMH_plugin->rollback (TMH_plugin->cls, session); @@ -1180,19 +1180,19 @@ check_commitment (struct MHD_Connection *connection, unsigned int num_newcoins, const struct TALER_DenominationPublicKey *denom_pubs) { - struct TALER_RefreshCommitLinkP commit_link; - struct TALER_LinkSecretP shared_secret; + struct TALER_TransferPublicKeyP transfer_pub; + struct TALER_TransferSecretP transfer_secret; struct TALER_TransferPublicKeyP transfer_pub_check; struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coins; unsigned int j; int ret; if (GNUNET_OK != - TMH_plugin->get_refresh_commit_link (TMH_plugin->cls, - session, - session_hash, - off, - &commit_link)) + TMH_plugin->get_refresh_transfer_public_key (TMH_plugin->cls, + session, + session_hash, + off, + &transfer_pub)) { GNUNET_break (0); return (MHD_YES == TMH_RESPONSE_reply_internal_db_error (connection)) @@ -1203,7 +1203,7 @@ check_commitment (struct MHD_Connection *connection, &transfer_pub_check.ecdhe_pub); if (0 != memcmp (&transfer_pub_check, - &commit_link.transfer_pub, + &transfer_pub, sizeof (struct TALER_TransferPublicKeyP))) { GNUNET_log (GNUNET_ERROR_TYPE_WARNING, 
@@ -1217,17 +1217,9 @@ check_commitment (struct MHD_Connection *connection, "transfer key"); } - if (GNUNET_OK != - TALER_link_decrypt_secret (&commit_link.shared_secret_enc, - transfer_priv, - &melt->coin.coin_pub, - &shared_secret)) - { - return (MHD_YES == - TMH_RESPONSE_reply_internal_error (connection, - "Transfer secret decryption error")) - ? GNUNET_NO : GNUNET_SYSERR; - } + TALER_link_reveal_transfer_secret (transfer_priv, + &melt->coin.coin_pub, + &transfer_secret); /* Check that the commitments for all new coins were correct */ commit_coins = GNUNET_new_array (num_newcoins, @@ -1249,23 +1241,23 @@ check_commitment (struct MHD_Connection *connection, for (j = 0; j < num_newcoins; j++) { - struct TALER_RefreshLinkDecryptedP link_data; + struct TALER_FreshCoinP fc; struct TALER_CoinSpendPublicKeyP coin_pub; struct GNUNET_HashCode h_msg; char *buf; size_t buf_len; - TALER_refresh_decrypt (&commit_coins[j].refresh_link, - &shared_secret, - &link_data); - GNUNET_CRYPTO_eddsa_key_get_public (&link_data.coin_priv.eddsa_priv, + TALER_setup_fresh_coin (&transfer_secret, + j, + &fc); + GNUNET_CRYPTO_eddsa_key_get_public (&fc.coin_priv.eddsa_priv, &coin_pub.eddsa_pub); GNUNET_CRYPTO_hash (&coin_pub, sizeof (struct TALER_CoinSpendPublicKeyP), &h_msg); if (GNUNET_YES != GNUNET_CRYPTO_rsa_blind (&h_msg, - &link_data.blinding_key.bks, + &fc.blinding_key.bks, denom_pubs[j].rsa_public_key, &buf, &buf_len)) 
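Review bot: The new call `TALER_link_reveal_transfer_secret (transfer_priv, &melt->coin.coin_pub, &transfer_secret);` in check_commitment has no failure path, unlike the `TALER_link_decrypt_secret` call it replaces, so `transfer_secret` is used by the loop below whatever the derivation did. The prototype is not part of this patch: if it returns a status, test it as before (`if (GNUNET_OK != TALER_link_reveal_transfer_secret (...))` followed by the internal-error reply). If it is void, add a comment saying why the key-exchange step cannot fail for the inputs it is given. The same unchecked call is added to TMH_TEST_handler_test_transfer in taler-exchange-httpd_test.c, where `trans_priv` and `coin_pub` are parsed straight from the request JSON. check_commitment starts and ends outside this hunk.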
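Review bot: The `for (j ...)` loop in check_commitment carries no comment saying that the exchange now recomputes each fresh coin from the transfer secret and the coin index, where it used to decrypt the stored link data. I would add above the `TALER_setup_fresh_coin` call: `/* re-derive coin j from the revealed transfer secret; j must be the index the wallet used when it built the committed envelope */`. The index convention is inferred from the call alone, so confirm it against the wallet side before writing it down. `fc` could also be spelled `fresh_coin` to match the type name. The loop body continues past the end of the hunk.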
@@ -1598,13 +1590,11 @@ struct HTD_Context * @param cls closure, a `struct HTD_Context` * @param session_hash a session the coin was melted in * @param transfer_pub public transfer key for the session - * @param shared_secret_enc set to shared secret for the session */ static void handle_transfer_data (void *cls, const struct GNUNET_HashCode *session_hash, - const struct TALER_TransferPublicKeyP *transfer_pub, - const struct TALER_EncryptedLinkSecretP *shared_secret_enc) + const struct TALER_TransferPublicKeyP *transfer_pub) { struct HTD_Context *ctx = cls; struct TALER_EXCHANGEDB_LinkDataList *ldl; @@ -1632,7 +1622,6 @@ handle_transfer_data (void *cls, ctx->num_sessions + 1); lsi = &ctx->sessions[ctx->num_sessions - 1]; lsi->transfer_pub = *transfer_pub; - lsi->shared_secret_enc = *shared_secret_enc; lsi->ldl = ldl; } diff --git a/src/exchange/taler-exchange-httpd_db.h b/src/exchange/taler-exchange-httpd_db.h index 8685cd5ae..67fe8d5b4 100644 --- a/src/exchange/taler-exchange-httpd_db.h +++ b/src/exchange/taler-exchange-httpd_db.h @@ -136,7 +136,7 @@ struct TMH_DB_MeltDetails * @param coin_melt_details signatures and (residual) value of and information about the respective coin to be melted * @param commit_coin 2d array of coin commitments (what the exchange is to sign * once the "/refres/reveal" of cut and choose is done) - * @param commit_link array of coin link commitments (what the exchange is + * @param transfer_pubs array of transfer public keys (what the exchange is * to return via "/refresh/link" to enable linkage in the * future) of length #TALER_CNC_KAPPA * @return MHD result code @@ -148,7 +148,7 @@ TMH_DB_execute_refresh_melt (struct MHD_Connection *connection, const struct TALER_DenominationPublicKey *denom_pubs, const struct TMH_DB_MeltDetails *coin_melt_details, struct TALER_EXCHANGEDB_RefreshCommitCoin *const* commit_coin, - const struct TALER_RefreshCommitLinkP *commit_link); + const struct TALER_TransferPublicKeyP *transfer_pubs); /** 
diff --git a/src/exchange/taler-exchange-httpd_refresh.c b/src/exchange/taler-exchange-httpd_refresh.c index 40a00e163..3dbffe511 100644 --- a/src/exchange/taler-exchange-httpd_refresh.c +++ b/src/exchange/taler-exchange-httpd_refresh.c @@ -43,7 +43,7 @@ * @param session_hash hash over the data that the client commits to * @param commit_coin 2d array of coin commitments (what the exchange is to sign * once the "/refres/reveal" of cut and choose is done) - * @param commit_link array of coin link commitments (what the exchange is + * @param transfer_pubs array of transfer public keys (which the exchange is * to return via "/refresh/link" to enable linkage in the * future) of length #TALER_CNC_KAPPA * @return MHD result code @@ -55,7 +55,7 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, const struct TMH_DB_MeltDetails *coin_melt_details, const struct GNUNET_HashCode *session_hash, struct TALER_EXCHANGEDB_RefreshCommitCoin *const* commit_coin, - const struct TALER_RefreshCommitLinkP * commit_link) + const struct TALER_TransferPublicKeyP *transfer_pubs) { unsigned int i; struct TMH_KS_StateHandle *key_state; @@ -146,7 +146,7 @@ handle_refresh_melt_binary (struct MHD_Connection *connection, denom_pubs, coin_melt_details, commit_coin, - commit_link); + transfer_pubs); } @@ -321,9 +321,7 @@ free_commit_coins (struct TALER_EXCHANGEDB_RefreshCommitCoin **commit_coin, * @param new_denoms array of denomination keys * @param melt_coin coin to melt * @param transfer_pubs #TALER_CNC_KAPPA-dimensional array of transfer keys - * @param secret_encs #TALER_CNC_KAPPA-dimensional array of old coin secrets * @param coin_evs #TALER_CNC_KAPPA-dimensional array of envelopes to sign - * @param link_encs #TALER_CNC_KAPPA-dimensional array of `length(@a new_denoms)` encrypted links (2D array) * @return MHD result code */ static int 
@@ -331,9 +329,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection, const json_t *new_denoms, const json_t *melt_coin, const json_t *transfer_pubs, - const json_t *secret_encs, - const json_t *coin_evs, - const json_t *link_encs) + const json_t *coin_evs) { int res; unsigned int i; @@ -344,11 +340,36 @@ handle_refresh_melt_json (struct MHD_Connection *connection, struct GNUNET_HashCode session_hash; struct GNUNET_HashContext *hash_context; struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coin[TALER_CNC_KAPPA]; - struct TALER_RefreshCommitLinkP commit_link[TALER_CNC_KAPPA]; + struct TALER_TransferPublicKeyP transfer_pub[TALER_CNC_KAPPA]; + /* For the signature check, we hash most of the inputs together (except for the signatures on the coins). */ hash_context = GNUNET_CRYPTO_hash_context_start (); + + for (i = 0; i < TALER_CNC_KAPPA; i++) + { + struct GNUNET_JSON_Specification trans_spec[] = { + GNUNET_JSON_spec_fixed_auto (NULL, &transfer_pub[i]), + GNUNET_JSON_spec_end () + }; + + res = TMH_PARSE_json_array (connection, + transfer_pubs, + trans_spec, + i, -1); + if (GNUNET_OK != res) + { + GNUNET_break_op (0); + res = (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; + goto cleanup; + } + GNUNET_CRYPTO_hash_context_read (hash_context, + &transfer_pub[i], + sizeof (struct TALER_TransferPublicKeyP)); + } + + num_newcoins = json_array_size (new_denoms); denom_pubs = GNUNET_new_array (num_newcoins, struct TALER_DenominationPublicKey); @@ -405,7 +426,6 @@ handle_refresh_melt_json (struct MHD_Connection *connection, /* parse JSON arrays into binary arrays and hash everything together for the signature check */ memset (commit_coin, 0, sizeof (commit_coin)); - memset (commit_link, 0, sizeof (commit_link)); for (i = 0; i < TALER_CNC_KAPPA; i++) { commit_coin[i] = GNUNET_new_array (num_newcoins, 
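Review bot: The `goto cleanup` in the new `transfer_pubs` loop of handle_refresh_melt_json runs before `commit_coin` is zeroed. The `memset (commit_coin, 0, sizeof (commit_coin));` stays further down (hunk at new line 426), after the `denom_pubs` allocation, while the `cleanup:` label (hunk at new line 479) passes `commit_coin` to `free_commit_coins`. A request with a malformed `transfer_pubs` entry would therefore reach the cleanup code with an uninitialized pointer array. `num_newcoins` and `denom_pubs` are also unset at that point if cleanup uses them, as it appears to. Put `memset (commit_coin, 0, sizeof (commit_coin));`, `num_newcoins = 0;` and `denom_pubs = NULL;` ahead of `hash_context = GNUNET_CRYPTO_hash_context_start ();`. The function continues outside the hunk, so check what else the cleanup path touches.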
@@ -419,11 +439,6 @@ handle_refresh_melt_json (struct MHD_Connection *connection, &rcc->coin_ev_size), GNUNET_JSON_spec_end () }; - struct GNUNET_JSON_Specification link_spec[] = { - GNUNET_JSON_spec_fixed_auto (NULL, - &rcc->refresh_link), - GNUNET_JSON_spec_end () - }; res = TMH_PARSE_json_array (connection, coin_evs, @@ -439,59 +454,10 @@ handle_refresh_melt_json (struct MHD_Connection *connection, GNUNET_CRYPTO_hash_context_read (hash_context, rcc->coin_ev, rcc->coin_ev_size); - res = TMH_PARSE_json_array (connection, - link_encs, - link_spec, - i, j, -1); - if (GNUNET_OK != res) - { - GNUNET_break_op (0); - res = (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; - goto cleanup; - } - GNUNET_CRYPTO_hash_context_read (hash_context, - &rcc->refresh_link, - sizeof (rcc->refresh_link)); - GNUNET_JSON_parse_free (link_spec); + GNUNET_JSON_parse_free (coin_spec); } } - for (i = 0; i < TALER_CNC_KAPPA; i++) - { - struct TALER_RefreshCommitLinkP *rcl = &commit_link[i]; - struct GNUNET_JSON_Specification trans_spec[] = { - GNUNET_JSON_spec_fixed_auto (NULL, &rcl->transfer_pub), - GNUNET_JSON_spec_end () - }; - struct GNUNET_JSON_Specification sec_spec[] = { - GNUNET_JSON_spec_fixed_auto (NULL, &rcl->shared_secret_enc), - GNUNET_JSON_spec_end () - }; - - res = TMH_PARSE_json_array (connection, - transfer_pubs, - trans_spec, - i, -1); - if (GNUNET_OK != res) - { - GNUNET_break_op (0); - res = (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; - goto cleanup; - } - res = TMH_PARSE_json_array (connection, - secret_encs, - sec_spec, - i, -1); - if (GNUNET_OK != res) - { - GNUNET_break_op (0); - res = (GNUNET_SYSERR == res) ? MHD_NO : MHD_YES; - goto cleanup; - } - GNUNET_CRYPTO_hash_context_read (hash_context, - rcl, - sizeof (struct TALER_RefreshCommitLinkP)); - } GNUNET_CRYPTO_hash_context_finish (hash_context, &session_hash); hash_context = NULL; 
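Review bot: The added `GNUNET_JSON_parse_free (coin_spec);` runs inside the inner loop right after `rcc->coin_ev` has been hashed, yet `rcc` is an element of `commit_coin`, which is later handed to handle_refresh_melt_binary and to `free_commit_coins`. The initializer of `coin_spec` starts above the hunk; the visible part writes `rcc->coin_ev_size`. If it is a variable-size spec whose cleaner releases the parsed buffer, the envelope is freed or cleared before it is stored, and cleanup may free it a second time. The removed call released `link_spec`, a fixed-size spec, so this looks like a mechanical rename. I would drop the line and leave the buffers to `free_commit_coins`, or confirm that the cleaner does nothing for this spec.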
@@ -513,7 +479,7 @@ handle_refresh_melt_json (struct MHD_Connection *connection, &coin_melt_details, &session_hash, commit_coin, - commit_link); + transfer_pub); cleanup: free_commit_coins (commit_coin, TALER_CNC_KAPPA, @@ -558,17 +524,13 @@ TMH_REFRESH_handler_refresh_melt (struct TMH_RequestHandler *rh, json_t *new_denoms; json_t *melt_coin; json_t *coin_evs; - json_t *link_encs; json_t *transfer_pubs; - json_t *secret_encs; int res; struct GNUNET_JSON_Specification spec[] = { GNUNET_JSON_spec_json ("new_denoms", &new_denoms), GNUNET_JSON_spec_json ("melt_coin", &melt_coin), GNUNET_JSON_spec_json ("coin_evs", &coin_evs), - GNUNET_JSON_spec_json ("link_encs", &link_encs), GNUNET_JSON_spec_json ("transfer_pubs", &transfer_pubs), - GNUNET_JSON_spec_json ("secret_encs", &secret_encs), GNUNET_JSON_spec_end () }; @@ -608,9 +570,7 @@ TMH_REFRESH_handler_refresh_melt (struct TMH_RequestHandler *rh, new_denoms, melt_coin, transfer_pubs, - secret_encs, - coin_evs, - link_encs); + coin_evs); GNUNET_JSON_parse_free (spec); return res; } diff --git a/src/exchange/taler-exchange-httpd_responses.c b/src/exchange/taler-exchange-httpd_responses.c index bbcdbe35f..b39b68a44 100644 --- a/src/exchange/taler-exchange-httpd_responses.c +++ b/src/exchange/taler-exchange-httpd_responses.c @@ -1028,7 +1028,7 @@ TMH_RESPONSE_reply_refresh_reveal_missmatch (struct MHD_Connection *connection, { json_t *info_commit_k; json_t *info_link_k; - const struct TALER_RefreshCommitLinkP *cl; + const struct TALER_TransferPublicKeyP *transfer_pub; info_commit_k = json_array (); for (i=0;inum_newcoins;i++) 
@@ -1042,13 +1042,6 @@ TMH_RESPONSE_reply_refresh_reveal_missmatch (struct MHD_Connection *connection, "coin_ev", GNUNET_JSON_from_data (cc->coin_ev, cc->coin_ev_size)); - json_object_set_new (cc_json, - "coin_priv_enc", - GNUNET_JSON_from_data_auto (cc->refresh_link.coin_priv_enc)); - json_object_set_new (cc_json, - "blinding_key_enc", - GNUNET_JSON_from_data_auto (&cc->refresh_link.blinding_key_enc)); - GNUNET_assert (0 == json_array_append_new (info_commit_k, cc_json)); @@ -1058,13 +1051,10 @@ TMH_RESPONSE_reply_refresh_reveal_missmatch (struct MHD_Connection *connection, info_commit_k)); info_link_k = json_object (); - cl = &mc->commit_links[k]; + transfer_pub = &mc->transfer_pubs[k]; json_object_set_new (info_link_k, "transfer_pub", - GNUNET_JSON_from_data_auto (&cl->transfer_pub)); - json_object_set_new (info_link_k, - "shared_secret_enc", - GNUNET_JSON_from_data_auto (&cl->shared_secret_enc)); + GNUNET_JSON_from_data_auto (transfer_pub)); GNUNET_assert (0 == json_array_append_new (info_links, info_link_k)); @@ -1113,9 +1103,6 @@ TMH_RESPONSE_reply_refresh_link_success (struct MHD_Connection *connection, json_t *obj; obj = json_object (); - json_object_set_new (obj, - "link_enc", - GNUNET_JSON_from_data_auto (&pos->link_data_enc)); json_object_set_new (obj, "denom_pub", GNUNET_JSON_from_rsa_public_key (pos->denom_pub.rsa_public_key)); @@ -1133,9 +1120,6 @@ TMH_RESPONSE_reply_refresh_link_success (struct MHD_Connection *connection, json_object_set_new (root, "transfer_pub", GNUNET_JSON_from_data_auto (&sessions[i].transfer_pub)); - json_object_set_new (root, - "secret_enc", - GNUNET_JSON_from_data_auto (&sessions[i].shared_secret_enc)); GNUNET_assert (0 == json_array_append_new (mlist, root)); diff --git a/src/exchange/taler-exchange-httpd_responses.h b/src/exchange/taler-exchange-httpd_responses.h index ce6710080..4079bd12b 100644 --- a/src/exchange/taler-exchange-httpd_responses.h +++ b/src/exchange/taler-exchange-httpd_responses.h 
@@ -521,11 +521,6 @@ struct TMH_RESPONSE_LinkSessionInfo */ struct TALER_TransferPublicKeyP transfer_pub; - /** - * Encrypted shared secret for decrypting the transfer secrets. - */ - struct TALER_EncryptedLinkSecretP shared_secret_enc; - /** * Linked data of coins being created in the session. */ diff --git a/src/exchange/taler-exchange-httpd_test.c b/src/exchange/taler-exchange-httpd_test.c index d8849d310..b371bd215 100644 --- a/src/exchange/taler-exchange-httpd_test.c +++ b/src/exchange/taler-exchange-httpd_test.c @@ -535,16 +535,14 @@ TMH_TEST_handler_test_transfer (struct TMH_RequestHandler *rh, { json_t *json; int res; - struct TALER_EncryptedLinkSecretP secret_enc; struct TALER_TransferPrivateKeyP trans_priv; struct TALER_CoinSpendPublicKeyP coin_pub; struct GNUNET_JSON_Specification spec[] = { - GNUNET_JSON_spec_fixed_auto ("secret_enc", &secret_enc), GNUNET_JSON_spec_fixed_auto ("trans_priv", &trans_priv), GNUNET_JSON_spec_fixed_auto ("coin_pub", &coin_pub), GNUNET_JSON_spec_end () }; - struct TALER_LinkSecretP secret; + struct TALER_TransferSecretP secret; res = TMH_PARSE_post_json (connection, connection_cls, @@ -561,16 +559,9 @@ TMH_TEST_handler_test_transfer (struct TMH_RequestHandler *rh, json_decref (json); if (GNUNET_YES != res) return (GNUNET_NO == res) ? MHD_YES : MHD_NO; - if (GNUNET_OK != - TALER_link_decrypt_secret (&secret_enc, - &trans_priv, - &coin_pub, - &secret)) - { - GNUNET_JSON_parse_free (spec); - return TMH_RESPONSE_reply_internal_error (connection, - "Failed to decrypt secret"); - } + TALER_link_reveal_transfer_secret (&trans_priv, + &coin_pub, + &secret); return TMH_RESPONSE_reply_json_pack (connection, MHD_HTTP_OK, "{s:o}", -- cgit v1.2.3