From 745719dbc1482734ab3ca7a20541ee8a12ecb69c Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 5 Aug 2016 16:08:19 +0200 Subject: first half of changing refresh protocol to derive all key data from DH --- src/include/taler_crypto_lib.h | 177 +++++++++------------------------- src/include/taler_exchangedb_plugin.h | 43 +++------ src/include/taler_signatures.h | 25 ----- 3 files changed, 58 insertions(+), 187 deletions(-) (limited to 'src/include') diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index e1fdeb2bc..e8e8f3a03 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -412,7 +412,7 @@ GNUNET_NETWORK_STRUCT_BEGIN struct TALER_TransferSecretP { /** - * Secret used to encrypt/decrypt the `struct TALER_LinkSecretP`. + * Secret used to derive private inputs for refreshed coins. * Must be (currently) a hash as this is what * #GNUNET_CRYPTO_ecc_ecdh() returns to us. */ @@ -420,49 +420,6 @@ struct TALER_TransferSecretP }; -/** - * @brief Secret used to decrypt refresh links. - */ -struct TALER_LinkSecretP -{ - /** - * Secret used to decrypt the refresh link data. - */ - char key[sizeof (struct GNUNET_HashCode)]; -}; - - -/** - * @brief Encrypted secret used to decrypt refresh links. - */ -struct TALER_EncryptedLinkSecretP -{ - /** - * Encrypted secret, must be the given size! - */ - char enc[sizeof (struct TALER_LinkSecretP)]; -}; - - -/** - * @brief Representation of an refresh link in cleartext. - */ -struct TALER_RefreshLinkDecryptedP -{ - - /** - * Private key of the coin. - */ - struct TALER_CoinSpendPrivateKeyP coin_priv; - - /** - * Blinding key. - */ - struct TALER_DenominationBlindingKeyP blinding_key; - -}; - - /** * Length of the raw value in the Taler wire transfer identifier * (in binary representation). 
@@ -540,44 +497,6 @@ struct TALER_RefreshLinkEncryptedP GNUNET_NETWORK_STRUCT_END - - -/** - * Decrypt the shared @a secret from the information in the - * encrypted link secret @e secret_enc using the transfer - * private key and the coin's public key. - * - * @param secret_enc encrypted link secret - * @param trans_priv transfer private key - * @param coin_pub coin public key - * @param[out] secret set to the shared secret - * @return #GNUNET_OK on success, #GNUNET_SYSERR on error - */ -int -TALER_link_decrypt_secret (const struct TALER_EncryptedLinkSecretP *secret_enc, - const struct TALER_TransferPrivateKeyP *trans_priv, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - struct TALER_LinkSecretP *secret); - - -/** - * Decrypt the shared @a secret from the information in the - * encrypted link secret @e secret_enc using the transfer - * public key and the coin's private key. - * - * @param secret_enc encrypted link secret - * @param trans_pub transfer public key - * @param coin_priv coin private key - * @param[out] secret set to the shared secret - * @return #GNUNET_OK on success, #GNUNET_SYSERR on error - */ -int -TALER_link_decrypt_secret2 (const struct TALER_EncryptedLinkSecretP *secret_enc, - const struct TALER_TransferPublicKeyP *trans_pub, - const struct TALER_CoinSpendPrivateKeyP *coin_priv, - struct TALER_LinkSecretP *secret); - - /** * Given the coin and the transfer private keys, compute the * transfer secret. (Technically, we only need one of the two 
@@ -596,78 +515,68 @@ TALER_link_derive_transfer_secret (const struct TALER_CoinSpendPrivateKeyP *coin /** - * Encrypt the shared @a secret to generate the encrypted link secret. - * Also creates the transfer key. + * Decrypt the shared @a secret from the information in the + * @a trans_priv and @a coin_pub. * - * @param secret link secret to encrypt + * @param trans_priv transfer private key * @param coin_pub coin public key - * @param[out] trans_priv set to transfer private key - * @param[out] trans_pub set to transfer public key - * @param[out] secret_enc set to the encryptd @a secret - * @return #GNUNET_OK on success, #GNUNET_SYSERR on error + * @param[out] secret set to the shared secret */ -int -TALER_link_encrypt_secret (const struct TALER_LinkSecretP *secret, - const struct TALER_CoinSpendPublicKeyP *coin_pub, - struct TALER_TransferPrivateKeyP *trans_priv, - struct TALER_TransferPublicKeyP *trans_pub, - struct TALER_EncryptedLinkSecretP *secret_enc); +void +TALER_link_reveal_transfer_secret (const struct TALER_TransferPrivateKeyP *trans_priv, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + struct TALER_TransferSecretP *transfer_secret); + /** - * Use the @a trans_sec (from ECDHE) to decrypt the @a secret_enc - * to obtain the @a secret to decrypt the linkage data. + * Decrypt the shared @a secret from the information in the + * @a trans_priv and @a coin_pub. 
* - * @param secret_enc encrypted secret - * @param trans_sec transfer secret - * @param secret shared secret for refresh link decryption - * @return #GNUNET_OK on success + * @param trans_pub transfer private key + * @param coin_priv coin public key + * @param[out] secret set to the shared secret */ -int -TALER_transfer_decrypt (const struct TALER_EncryptedLinkSecretP *secret_enc, - const struct TALER_TransferSecretP *trans_sec, - struct TALER_LinkSecretP *secret); +void +TALER_link_recover_transfer_secret (const struct TALER_TransferPublicKeyP *trans_pub, + const struct TALER_CoinSpendPrivateKeyP *coin_priv, + struct TALER_TransferSecretP *transfer_secret); /** - * Use the @a trans_sec (from ECDHE) to encrypt the @a secret - * to obtain the @a secret_enc. - * - * @param secret shared secret for refresh link decryption - * @param trans_sec transfer secret - * @param[out] secret_enc encrypted secret - * @return #GNUNET_OK on success + * Header for serializations of coin-specific information about the + * fresh coins we generate during a melt. */ -int -TALER_transfer_encrypt (const struct TALER_LinkSecretP *secret, - const struct TALER_TransferSecretP *trans_sec, - struct TALER_EncryptedLinkSecretP *secret_enc); +struct TALER_FreshCoinP +{ + /** + * Private key of the coin. + */ + struct TALER_CoinSpendPrivateKeyP coin_priv; -/** - * Decrypt refresh link information. - * - * @param input encrypted refresh link data - * @param secret shared secret to use for decryption - * @param[out] output where to write decrypted refresh link - */ -void -TALER_refresh_decrypt (const struct TALER_RefreshLinkEncryptedP *input, - const struct TALER_LinkSecretP *secret, - struct TALER_RefreshLinkDecryptedP *output); + /** + * The blinding key. + */ + struct TALER_DenominationBlindingKeyP blinding_key; + +}; /** - * Encrypt refresh link information. 
+ * Setup information for a fresh coin, deriving the coin private key + * and the blinding factor from the @a secret_seed with a KDF salted + * by the @a coin_num_salt. * - * @param input plaintext refresh link data - * @param secret shared secret to use for encryption - * @param[out] output where to write encrypted refresh link + * @param secret_seed seed to use for KDF to derive coin keys + * @param coin_num_salt number of the coin to include in KDF + * @param[out] fc value to initialize */ void -TALER_refresh_encrypt (const struct TALER_RefreshLinkDecryptedP *input, - const struct TALER_LinkSecretP *secret, - struct TALER_RefreshLinkEncryptedP *output); +TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed, + unsigned int coin_num_salt, + struct TALER_FreshCoinP *fc); + #endif diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index ddc7f7714..0377806f4 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -444,12 +444,6 @@ struct TALER_EXCHANGEDB_RefreshSession struct TALER_EXCHANGEDB_RefreshCommitCoin { - /** - * Encrypted data allowing those able to decrypt it to derive - * the private keys of the new coins created by the refresh. - */ - struct TALER_RefreshLinkEncryptedP refresh_link; - /** * Blinded message to be signed (in envelope), with @e coin_env_size bytes. */ @@ -473,12 +467,6 @@ struct TALER_EXCHANGEDB_LinkDataList */ struct TALER_EXCHANGEDB_LinkDataList *next; - /** - * Link data, used to recover the private key of the coin - * by the owner of the old coin. - */ - struct TALER_RefreshLinkEncryptedP link_data_enc; - /** * Denomination public key, determines the value of the coin. */ 
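Review bot: `TALER_link_reveal_transfer_secret` and `TALER_link_recover_transfer_secret` return `void`, whereas the functions they replace returned `#GNUNET_OK`/`#GNUNET_SYSERR`, so a caller can no longer tell whether `transfer_secret` was set before it is handed to `TALER_setup_fresh_coin` as the KDF seed. The implementation is not part of this diff; if the underlying ECDH call can fail, either keep the `int` return or state in the comment that the function aborts on failure and never returns with `transfer_secret` unset. The doc blocks also need correcting: both say `@param[out] secret` while the parameter is named `transfer_secret`, and the second block was copied without adjustment, so it should read `@param trans_pub transfer public key` and `@param coin_priv coin private key` and name `@a trans_pub` and `@a coin_priv` in its summary. For `TALER_setup_fresh_coin`, consider `uint32_t coin_num_salt` with a documented byte order, since both sides of the protocol must feed identical bytes into the KDF to derive the same coin.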
@@ -579,9 +567,9 @@ struct TALER_EXCHANGEDB_MeltCommitment struct TALER_EXCHANGEDB_RefreshCommitCoin *commit_coins[TALER_CNC_KAPPA]; /** - * Array of #TALER_CNC_KAPPA links. + * Array of #TALER_CNC_KAPPA transfer public keys. */ - struct TALER_RefreshCommitLinkP commit_links[TALER_CNC_KAPPA]; + struct TALER_TransferPublicKeyP transfer_pubs[TALER_CNC_KAPPA]; }; @@ -635,8 +623,7 @@ typedef int typedef void (*TALER_EXCHANGEDB_TransferDataCallback)(void *cls, const struct GNUNET_HashCode *session_hash, - const struct TALER_TransferPublicKeyP *transfer_pub, - const struct TALER_EncryptedLinkSecretP *shared_secret_enc); + const struct TALER_TransferPublicKeyP *transfer_pub); /** @@ -1217,15 +1204,15 @@ struct TALER_EXCHANGEDB_Plugin * @param session database connection to use * @param session_hash hash to identify refresh session * @param cnc_index cut and choose index, relating to #TALER_CNC_KAPPA - * @param link link information to store + * @param tp public key to store * @return #GNUNET_SYSERR on internal error, #GNUNET_OK on success */ int - (*insert_refresh_commit_link) (void *cls, - struct TALER_EXCHANGEDB_Session *session, - const struct GNUNET_HashCode *session_hash, - uint16_t cnc_index, - const struct TALER_RefreshCommitLinkP *link); + (*insert_refresh_transfer_public_key) (void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct GNUNET_HashCode *session_hash, + uint16_t cnc_index, + const struct TALER_TransferPublicKeyP *tp); /** * Obtain the commited (encrypted) refresh link data 
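Review bot: The new comment on `transfer_pubs` does not say whether these keys are still bound into the refresh session hash. The `struct TALER_RefreshCommitLinkP` that this commit removes from taler_signatures.h was documented as being part of the construction of the refresh session's hash and thus of what is signed there, and that statement disappears with the struct. If the transfer public keys continue to be hashed into the session hash (the hashing code is not in this diff), carry the sentence over, for example `Array of #TALER_CNC_KAPPA transfer public keys; part of the refresh session's hash and thus of what is signed there.`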
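Review bot: The doc comment that closes this hunk still opens with `Obtain the commited (encrypted) refresh link data`, although the function it describes is renamed to `get_refresh_transfer_public_key` in the next hunk (`@@ -1235,17 +1222,17 @@`) and now fills in a `struct TALER_TransferPublicKeyP`. Suggest `Obtain the committed transfer public key for the given cut-and-choose index.` as the summary, and `@param[out] tp set to the transfer public key` in place of `information to return`. The summary of the comment above `insert_refresh_transfer_public_key` starts outside this hunk and should be checked for the same stale wording.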
@@ -1235,17 +1222,17 @@ struct TALER_EXCHANGEDB_Plugin * @param session database connection to use * @param session_hash hash to identify refresh session * @param cnc_index cut and choose index (1st dimension) - * @param[out] link information to return + * @param[out] tp information to return * @return #GNUNET_SYSERR on internal error, * #GNUNET_NO if commitment was not found * #GNUNET_OK on success */ int - (*get_refresh_commit_link) (void *cls, - struct TALER_EXCHANGEDB_Session *session, - const struct GNUNET_HashCode *session_hash, - uint16_t cnc_index, - struct TALER_RefreshCommitLinkP *link); + (*get_refresh_transfer_public_key) (void *cls, + struct TALER_EXCHANGEDB_Session *session, + const struct GNUNET_HashCode *session_hash, + uint16_t cnc_index, + struct TALER_TransferPublicKeyP *tp); /** diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index 098799538..a4d599cd7 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -877,31 +877,6 @@ struct TALER_ExchangeKeyValidityPS }; -/** - * @brief For each (old) coin being melted, we have a `struct - * RefreshCommitLinkP` that allows the user to find the shared secret - * to decrypt the respective refresh links for the new coins in the - * `struct TALER_EXCHANGEDB_RefreshCommitCoin`. - * - * Part of the construction of the refresh session's hash and - * thus of what is signed there. - */ -struct TALER_RefreshCommitLinkP -{ - /** - * Transfer public key, used to decrypt the @e shared_secret_enc - * in combintation with the corresponding private key of the - * coin. - */ - struct TALER_TransferPublicKeyP transfer_pub; - - /** - * Encrypted shared secret to decrypt the link. - */ - struct TALER_EncryptedLinkSecretP shared_secret_enc; -}; - - /** * @brief Information signed by the exchange's master * key affirming the SEPA details for the exchange. -- cgit v1.2.3