From ba627bf84c89ea93a117bce8563b30a3d460e633 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 5 Nov 2021 22:22:47 +0100 Subject: -fixes --- src/auditor/taler-helper-auditor-coins.c | 6 +-- src/auditor/taler-helper-auditor-reserves.c | 2 +- src/exchange/taler-exchange-httpd_recoup.c | 9 +++-- src/exchangedb/plugin_exchangedb_postgres.c | 8 ++-- src/exchangedb/test_exchangedb.c | 6 +-- src/include/taler_crypto_lib.h | 57 +++++---------------------- src/include/taler_exchangedb_plugin.h | 20 +++++----- src/include/taler_signatures.h | 2 +- src/include/taler_testing_lib.h | 2 +- src/lib/exchange_api_link.c | 2 +- src/testing/testing_api_cmd_recoup.c | 2 +- src/testing/testing_api_cmd_refresh.c | 2 +- src/util/crypto.c | 4 +- src/util/denom.c | 61 +++++------------------------ src/util/test_helper_rsa.c | 2 +- 15 files changed, 54 insertions(+), 131 deletions(-) (limited to 'src') diff --git a/src/auditor/taler-helper-auditor-coins.c b/src/auditor/taler-helper-auditor-coins.c index 525738bd5..b086cec4b 100644 --- a/src/auditor/taler-helper-auditor-coins.c +++ b/src/auditor/taler-helper-auditor-coins.c @@ -1922,7 +1922,7 @@ check_recoup (struct CoinContext *cc, const struct TALER_CoinPublicInfo *coin, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind) + const union TALER_DenominationBlindingKeyP *coin_blind) { struct DenominationSummary *ds; enum GNUNET_DB_QueryStatus qs; @@ -2076,7 +2076,7 @@ recoup_cb (void *cls, const struct TALER_CoinPublicInfo *coin, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind) + const union TALER_DenominationBlindingKeyP *coin_blind) { struct CoinContext *cc = cls; @@ -2121,7 +2121,7 @@ recoup_refresh_cb (void *cls, const struct TALER_CoinPublicInfo *coin, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind) + const union TALER_DenominationBlindingKeyP *coin_blind) { struct CoinContext *cc = cls; const struct TALER_DenominationKeyValidityPS *issue; diff --git a/src/auditor/taler-helper-auditor-reserves.c b/src/auditor/taler-helper-auditor-reserves.c index 6a355ea79..52a7b0748 100644 --- a/src/auditor/taler-helper-auditor-reserves.c +++ b/src/auditor/taler-helper-auditor-reserves.c @@ -689,7 +689,7 @@ handle_recoup_by_reserve ( const struct TALER_CoinPublicInfo *coin, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind) + const union TALER_DenominationBlindingKeyP *coin_blind) { struct ReserveContext *rc = cls; struct GNUNET_HashCode key; diff --git a/src/exchange/taler-exchange-httpd_recoup.c b/src/exchange/taler-exchange-httpd_recoup.c index 98ab314ab..f10bd34b9 100644 --- a/src/exchange/taler-exchange-httpd_recoup.c +++ b/src/exchange/taler-exchange-httpd_recoup.c @@ -56,7 +56,7 @@ struct RecoupContext /** * Key used to blind the coin. */ - const struct TALER_DenominationBlindingKeyP *coin_bks; + const union TALER_DenominationBlindingKeyP *coin_bks; /** * Signature of the coin requesting recoup. @@ -345,7 +345,7 @@ static MHD_RESULT verify_and_execute_recoup ( struct MHD_Connection *connection, const struct TALER_CoinPublicInfo *coin, - const struct TALER_DenominationBlindingKeyP *coin_bks, + const union TALER_DenominationBlindingKeyP *coin_bks, const struct TALER_CoinSpendSignatureP *coin_sig, int refreshed) { @@ -446,9 +446,10 @@ verify_and_execute_recoup ( &c_hash); GNUNET_assert (dk->denom_pub.cipher == TALER_DENOMINATION_RSA); + // FIXME-RSA migration... if (GNUNET_YES != TALER_rsa_blind (&c_hash, - &coin_bks->bks, + &coin_bks->rsa_bks, dk->denom_pub.details.rsa_public_key, &coin_ev, &coin_ev_size)) @@ -517,7 +518,7 @@ TEH_handler_recoup (struct MHD_Connection *connection, { enum GNUNET_GenericReturnValue ret; struct TALER_CoinPublicInfo coin; - struct TALER_DenominationBlindingKeyP coin_bks; + union TALER_DenominationBlindingKeyP coin_bks; struct TALER_CoinSpendSignatureP coin_sig; int refreshed = GNUNET_NO; struct GNUNET_JSON_Specification spec[] = { diff --git a/src/exchangedb/plugin_exchangedb_postgres.c b/src/exchangedb/plugin_exchangedb_postgres.c index 3340a70d6..730c58b88 100644 --- a/src/exchangedb/plugin_exchangedb_postgres.c +++ b/src/exchangedb/plugin_exchangedb_postgres.c @@ -9032,7 +9032,7 @@ recoup_serial_helper_cb (void *cls, struct TALER_ReservePublicKeyP reserve_pub; struct TALER_CoinPublicInfo coin; struct TALER_CoinSpendSignatureP coin_sig; - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; struct TALER_Amount amount; struct TALER_DenominationPublicKey denom_pub; struct TALER_BlindedCoinHash h_blind_ev; @@ -9180,7 +9180,7 @@ recoup_refresh_serial_helper_cb (void *cls, struct TALER_CoinSpendPublicKeyP old_coin_pub; struct TALER_CoinPublicInfo coin; struct TALER_CoinSpendSignatureP coin_sig; - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; struct TALER_DenominationPublicKey denom_pub; struct TALER_DenominationHash old_denom_pub_hash; struct TALER_Amount amount; @@ -9441,7 +9441,7 @@ postgres_insert_recoup_request ( const struct TALER_ReservePublicKeyP *reserve_pub, const struct TALER_CoinPublicInfo *coin, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind, + const union TALER_DenominationBlindingKeyP *coin_blind, const struct TALER_Amount *amount, const struct TALER_BlindedCoinHash *h_blind_ev, struct GNUNET_TIME_Absolute timestamp) @@ -9533,7 +9533,7 @@ postgres_insert_recoup_refresh_request ( void *cls, const struct TALER_CoinPublicInfo *coin, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind, + const union TALER_DenominationBlindingKeyP *coin_blind, const struct TALER_Amount *amount, const struct TALER_BlindedCoinHash *h_blind_ev, struct GNUNET_TIME_Absolute timestamp) diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c index 76a83a1b4..9d24ebb55 100644 --- a/src/exchangedb/test_exchangedb.c +++ b/src/exchangedb/test_exchangedb.c @@ -1344,9 +1344,9 @@ recoup_cb (void *cls, const struct TALER_CoinPublicInfo *coin, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind) + const union TALER_DenominationBlindingKeyP *coin_blind) { - const struct TALER_DenominationBlindingKeyP *cb = cls; + const union TALER_DenominationBlindingKeyP *cb = cls; FAILIF (NULL == cb); FAILIF (0 != GNUNET_memcmp (cb, @@ -1445,7 +1445,7 @@ run (void *cls) struct GNUNET_CONFIGURATION_Handle *cfg = cls; struct TALER_CoinSpendSignatureP coin_sig; struct GNUNET_TIME_Absolute deadline; - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; struct TALER_ReservePublicKeyP reserve_pub; struct TALER_ReservePublicKeyP reserve_pub2; struct DenomKeyPair *dkp; diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index a948d98e9..961c36695 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -324,13 +324,12 @@ struct TALER_CoinSpendSignatureP /** * @brief Type of blinding keys for Taler. */ -struct TALER_DenominationBlindingKeyP +union TALER_DenominationBlindingKeyP { - // FIXME: RSA migration! /** * Taler uses RSA for blind signatures. */ - struct GNUNET_CRYPTO_RsaBlindingKeySecret bks; + struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks; }; @@ -588,29 +587,6 @@ struct TALER_DenominationPublicKey }; -/** - * Client-side secrets for blinding. - */ -struct TALER_BlindingSecret -{ - - /** - * Type of the blinding secret. - */ - enum TALER_DenominationCipher cipher; - - union - { - - /** - * Blinding key secret for RSA. - */ - struct GNUNET_CRYPTO_RsaBlindingKeySecret rsa_bks; - - } details; -}; - - /** * @brief Type of private signing keys for blind signing of coins. */ @@ -704,22 +680,10 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); /** * Create a blinding secret @a bs for @a cipher. * - * @param[out] blinding secret to initialize - * @param cipher cipher to create blinding secret for - */ -enum GNUNET_GenericReturnValue -TALER_blinding_secret_create (struct TALER_BlindingSecret *bs, - enum TALER_DenominationCipher cipher, - ...); - - -/** - * Release memory inside of a blinding secret @a bs. - * - * @param[in] blinding secret to free + * @param[out] bs blinding secret to initialize */ void -TALER_blinding_secret_free (struct TALER_BlindingSecret *bs); +TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs); /** @@ -786,11 +750,11 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, * @return #GNUNET_OK on success */ enum GNUNET_GenericReturnValue -TALER_denom_sig_unblind (struct TALER_DenominationSignature *denom_sig, - const struct - TALER_BlindedDenominationSignature *bdenom_sig, - const struct TALER_BlindingSecret *bks, - const struct TALER_DenominationPublicKey *denom_pub); +TALER_denom_sig_unblind ( + struct TALER_DenominationSignature *denom_sig, + const struct TALER_BlindedDenominationSignature *bdenom_sig, + const union TALER_DenominationBlindingKeyP *bks, + const struct TALER_DenominationPublicKey *denom_pub); /** @@ -986,8 +950,7 @@ struct TALER_PlanchetSecretsP /** * The blinding key. */ - struct TALER_DenominationBlindingKeyP blinding_key; - // FIXME: RSA migration on generation! + union TALER_DenominationBlindingKeyP blinding_key; }; diff --git a/src/include/taler_exchangedb_plugin.h b/src/include/taler_exchangedb_plugin.h index c278aa40b..dcfb7a5d0 100644 --- a/src/include/taler_exchangedb_plugin.h +++ b/src/include/taler_exchangedb_plugin.h @@ -368,7 +368,7 @@ struct TALER_EXCHANGEDB_TableData { uint64_t known_coin_id; struct TALER_CoinSpendSignatureP coin_sig; - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; struct TALER_Amount amount; struct GNUNET_TIME_Absolute timestamp; uint64_t reserve_out_serial_id; @@ -378,7 +378,7 @@ struct TALER_EXCHANGEDB_TableData { uint64_t known_coin_id; struct TALER_CoinSpendSignatureP coin_sig; - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; struct TALER_Amount amount; struct GNUNET_TIME_Absolute timestamp; uint64_t rrc_serial; @@ -762,7 +762,7 @@ struct TALER_EXCHANGEDB_Recoup * Blinding factor supplied to prove to the exchange that * the coin came from this reserve. */ - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; /** * Signature of the coin of type @@ -799,7 +799,7 @@ struct TALER_EXCHANGEDB_RecoupListEntry * Blinding factor supplied to prove to the exchange that * the coin came from this reserve. */ - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; /** * Signature of the coin of type @@ -847,7 +847,7 @@ struct TALER_EXCHANGEDB_RecoupRefreshListEntry * Blinding factor supplied to prove to the exchange that * the coin came from this @e old_coin_pub. */ - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; /** * Signature of the coin of type @@ -1930,7 +1930,7 @@ typedef enum GNUNET_GenericReturnValue const struct TALER_CoinPublicInfo *coin, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind); + const union TALER_DenominationBlindingKeyP *coin_blind); /** @@ -1960,7 +1960,7 @@ typedef enum GNUNET_GenericReturnValue const struct TALER_CoinPublicInfo *coin, const struct TALER_DenominationPublicKey *denom_pub, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind); + const union TALER_DenominationBlindingKeyP *coin_blind); /** @@ -2038,7 +2038,7 @@ typedef void uint64_t rowid, const struct TALER_CoinPublicInfo *coin, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind, + const union TALER_DenominationBlindingKeyP *coin_blind, const struct TALER_BlindedCoinHash *h_blinded_ev, const struct TALER_Amount *amount); @@ -3391,7 +3391,7 @@ struct TALER_EXCHANGEDB_Plugin const struct TALER_ReservePublicKeyP *reserve_pub, const struct TALER_CoinPublicInfo *coin, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind, + const union TALER_DenominationBlindingKeyP *coin_blind, const struct TALER_Amount *amount, const struct TALER_BlindedCoinHash *h_blind_ev, struct GNUNET_TIME_Absolute timestamp); @@ -3416,7 +3416,7 @@ struct TALER_EXCHANGEDB_Plugin void *cls, const struct TALER_CoinPublicInfo *coin, const struct TALER_CoinSpendSignatureP *coin_sig, - const struct TALER_DenominationBlindingKeyP *coin_blind, + const union TALER_DenominationBlindingKeyP *coin_blind, const struct TALER_Amount *amount, const struct TALER_BlindedCoinHash *h_blind_ev, struct GNUNET_TIME_Absolute timestamp); diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index 56d59767e..eeceaf3d8 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -1506,7 +1506,7 @@ struct TALER_RecoupRequestPS /** * Blinding factor that was used to withdraw the coin. */ - struct TALER_DenominationBlindingKeyP coin_blind; + union TALER_DenominationBlindingKeyP coin_blind; }; diff --git a/src/include/taler_testing_lib.h b/src/include/taler_testing_lib.h index f0e6d5529..2656300fe 100644 --- a/src/include/taler_testing_lib.h +++ b/src/include/taler_testing_lib.h @@ -2381,7 +2381,7 @@ TALER_TESTING_get_trait (const struct TALER_TESTING_Trait *traits, op (absolute_time, const struct GNUNET_TIME_Absolute) \ op (exchange_pub, const struct TALER_ExchangePublicKeyP) \ op (exchange_sig, const struct TALER_ExchangeSignatureP) \ - op (blinding_key, const struct TALER_DenominationBlindingKeyP) + op (blinding_key, const union TALER_DenominationBlindingKeyP) TALER_TESTING_SIMPLE_TRAITS (TALER_TESTING_MAKE_DECL_SIMPLE_TRAIT) diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c index 08869ed1d..f544e71e3 100644 --- a/src/lib/exchange_api_link.c +++ b/src/lib/exchange_api_link.c @@ -129,7 +129,7 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, sig->cipher = TALER_DENOMINATION_RSA; sig->details.rsa_signature = TALER_rsa_unblind (bsig.details.blinded_rsa_signature, - &fc.blinding_key.bks, + &fc.blinding_key.rsa_bks, rpub.details.rsa_public_key); /* verify link_sig */ { diff --git a/src/testing/testing_api_cmd_recoup.c b/src/testing/testing_api_cmd_recoup.c index 745206e34..fe97edb76 100644 --- a/src/testing/testing_api_cmd_recoup.c +++ b/src/testing/testing_api_cmd_recoup.c @@ -283,7 +283,7 @@ recoup_run (void *cls, struct RecoupState *ps = cls; const struct TALER_TESTING_Command *coin_cmd; const struct TALER_CoinSpendPrivateKeyP *coin_priv; - const struct TALER_DenominationBlindingKeyP *blinding_key; + const union TALER_DenominationBlindingKeyP *blinding_key; const struct TALER_EXCHANGE_DenomPublicKey *denom_pub; const struct TALER_DenominationSignature *coin_sig; struct TALER_PlanchetSecretsP planchet; diff --git a/src/testing/testing_api_cmd_refresh.c b/src/testing/testing_api_cmd_refresh.c index 7711a0e6e..8f6ba0cf8 100644 --- a/src/testing/testing_api_cmd_refresh.c +++ b/src/testing/testing_api_cmd_refresh.c @@ -73,7 +73,7 @@ struct TALER_TESTING_FreshCoinData /** * The blinding key (needed for recoup operations). */ - struct TALER_DenominationBlindingKeyP blinding_key; + union TALER_DenominationBlindingKeyP blinding_key; }; diff --git a/src/util/crypto.c b/src/util/crypto.c index 99744304b..668a91adf 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c @@ -197,7 +197,7 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, GNUNET_assert (TALER_DENOMINATION_RSA == dk->cipher); if (GNUNET_YES != TALER_rsa_blind (c_hash, - &ps->blinding_key.bks, + &ps->blinding_key.rsa_bks, dk->details.rsa_public_key, &pd->coin_ev, &pd->coin_ev_size)) @@ -229,7 +229,7 @@ TALER_planchet_to_coin ( sig.cipher = TALER_DENOMINATION_RSA; sig.details.rsa_signature = TALER_rsa_unblind (blind_sig->details.blinded_rsa_signature, - &ps->blinding_key.bks, + &ps->blinding_key.rsa_bks, dk->details.rsa_public_key); if (GNUNET_OK != TALER_denom_pub_verify (dk, diff --git a/src/util/denom.c b/src/util/denom.c index 9261779ea..a1f511fe6 100644 --- a/src/util/denom.c +++ b/src/util/denom.c @@ -110,17 +110,12 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, enum GNUNET_GenericReturnValue -TALER_denom_sig_unblind (struct TALER_DenominationSignature *denom_sig, - const struct - TALER_BlindedDenominationSignature *bdenom_sig, - const struct TALER_BlindingSecret *bks, - const struct TALER_DenominationPublicKey *denom_pub) +TALER_denom_sig_unblind ( + struct TALER_DenominationSignature *denom_sig, + const struct TALER_BlindedDenominationSignature *bdenom_sig, + const union TALER_DenominationBlindingKeyP *bks, + const struct TALER_DenominationPublicKey *denom_pub) { - if (bks->cipher != denom_pub->cipher) - { - GNUNET_break (0); - return GNUNET_SYSERR; - } if (bdenom_sig->cipher != denom_pub->cipher) { GNUNET_break (0); @@ -135,7 +130,7 @@ TALER_denom_sig_unblind (struct TALER_DenominationSignature *denom_sig, denom_sig->details.rsa_signature = TALER_rsa_unblind ( bdenom_sig->details.blinded_rsa_signature, - &bks->details.rsa_bks, + &bks->rsa_bks, denom_pub->details.rsa_public_key); if (NULL == denom_sig->details.rsa_signature) { @@ -152,48 +147,12 @@ TALER_denom_sig_unblind (struct TALER_DenominationSignature *denom_sig, } -enum GNUNET_GenericReturnValue -TALER_blinding_secret_create (struct TALER_BlindingSecret *bs, - enum TALER_DenominationCipher cipher, - ...) -{ - memset (bs, - 0, - sizeof (*bs)); - switch (cipher) - { - case TALER_DENOMINATION_INVALID: - return GNUNET_OK; - case TALER_DENOMINATION_RSA: - bs->cipher = TALER_DENOMINATION_RSA; - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, - &bs->details.rsa_bks, - sizeof (bs->details.rsa_bks)); - return GNUNET_OK; - // TODO: add case for Clause-Schnorr - default: - GNUNET_break (0); - } - return GNUNET_SYSERR; -} - - void -TALER_blinding_secret_free (struct TALER_BlindingSecret *bs) +TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs) { - switch (bs->cipher) - { - case TALER_DENOMINATION_INVALID: - return; - case TALER_DENOMINATION_RSA: - memset (bs, - 0, - sizeof (*bs)); - return; - // TODO: add case for Clause-Schnorr - default: - GNUNET_break (0); - } + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + bs, + sizeof (*bs)); } diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c index 87e58bd3f..e4c0bf6fd 100644 --- a/src/util/test_helper_rsa.c +++ b/src/util/test_helper_rsa.c @@ -288,7 +288,7 @@ test_signing (struct TALER_CRYPTO_DenominationHelper *dh) if (GNUNET_OK != TALER_denom_sig_unblind (&rs, &ds, - &ps.blinding_key.bks, + &ps.blinding_key, &keys[i].denom_pub)) { GNUNET_break (0); -- cgit v1.2.3