From f3fb7c29e69d38ee77d6214cf001f8e18fa00f2b Mon Sep 17 00:00:00 2001 From: Gian Demarmels Date: Fri, 17 Dec 2021 14:35:10 +0100 Subject: added CS data structures, implemented CS keypair --- src/benchmark/taler-aggregator-benchmark.c | 10 +- src/exchange/taler-exchange-httpd_recoup.c | 15 +- .../taler-exchange-httpd_refreshes_reveal.c | 6 +- src/exchangedb/test_exchangedb.c | 27 ++- src/include/taler_crypto_lib.h | 206 +++++++++++++++++++-- src/lib/exchange_api_link.c | 11 +- src/lib/exchange_api_refresh_common.c | 6 +- src/lib/exchange_api_refreshes_reveal.c | 17 +- src/lib/exchange_api_withdraw.c | 2 +- src/lib/exchange_api_withdraw2.c | 14 +- src/testing/testing_api_cmd_insert_deposit.c | 10 +- src/testing/testing_api_cmd_withdraw.c | 4 +- src/util/crypto.c | 66 ++++++- src/util/denom.c | 66 ++++--- src/util/test_crypto.c | 78 +++++++- src/util/test_helper_rsa.c | 29 ++- 16 files changed, 463 insertions(+), 104 deletions(-) (limited to 'src') diff --git a/src/benchmark/taler-aggregator-benchmark.c b/src/benchmark/taler-aggregator-benchmark.c index 411921000..47314abe9 100644 --- a/src/benchmark/taler-aggregator-benchmark.c +++ b/src/benchmark/taler-aggregator-benchmark.c @@ -518,21 +518,19 @@ run (void *cls, return; } - TALER_blinding_secret_create (&bks); + TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA); GNUNET_assert (GNUNET_OK == TALER_denom_blind (&denom_pub, &bks, NULL, /* FIXME-oec */ &coin_pub, &c_hash, - &pd.coin_ev, - &pd.coin_ev_size)); + &pd.blinded_planchet)); GNUNET_assert (GNUNET_OK == TALER_denom_sign_blinded (&bds, &pk, - pd.coin_ev, - pd.coin_ev_size)); - GNUNET_free (pd.coin_ev); + &pd.blinded_planchet)); + GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg); GNUNET_assert (GNUNET_OK == TALER_denom_sig_unblind (&denom_sig, &bds, diff --git a/src/exchange/taler-exchange-httpd_recoup.c b/src/exchange/taler-exchange-httpd_recoup.c index 0deaa8bbb..97eb0496f 100644 
--- a/src/exchange/taler-exchange-httpd_recoup.c +++ b/src/exchange/taler-exchange-httpd_recoup.c @@ -243,9 +243,11 @@ verify_and_execute_recoup ( } { + //FIXME: void *coin_ev; size_t coin_ev_size; struct TALER_CoinPubHash c_hash; + struct TALER_BlindedPlanchet blinded_planchet; if (GNUNET_OK != TALER_denom_blind (&dk->denom_pub, @@ -253,8 +255,7 @@ verify_and_execute_recoup ( NULL, /* FIXME-Oec: TALER_AgeHash * */ &coin->coin_pub, &c_hash, - &coin_ev, - &coin_ev_size)) + &blinded_planchet)) { GNUNET_break (0); return TALER_MHD_reply_with_error ( @@ -263,10 +264,12 @@ verify_and_execute_recoup ( TALER_EC_EXCHANGE_RECOUP_BLINDING_FAILED, NULL); } - TALER_coin_ev_hash (coin_ev, - coin_ev_size, - &pc.h_blind); - GNUNET_free (coin_ev); + TALER_coin_ev_hash ( + blinded_planchet.details.rsa_blinded_planchet.blinded_msg, + blinded_planchet.details.rsa_blinded_planchet. + blinded_msg_size, + &pc.h_blind); + GNUNET_free (blinded_planchet.details.rsa_blinded_planchet.blinded_msg); } pc.coin_sig = coin_sig; diff --git a/src/exchange/taler-exchange-httpd_refreshes_reveal.c b/src/exchange/taler-exchange-httpd_refreshes_reveal.c index 30a7294c1..4e004025b 100644 --- a/src/exchange/taler-exchange-httpd_refreshes_reveal.c +++ b/src/exchange/taler-exchange-httpd_refreshes_reveal.c @@ -193,8 +193,10 @@ check_commitment (struct RevealContext *rctx, &ps, &c_hash, &pd)); - rcd->coin_ev = pd.coin_ev; - rcd->coin_ev_size = pd.coin_ev_size; + rcd->coin_ev = + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg; + rcd->coin_ev_size = + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size; } } } diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c index cca7c3f47..3306837d7 100644 --- a/src/exchangedb/test_exchangedb.c +++ b/src/exchangedb/test_exchangedb.c 
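Review bot: In the `@@ -263,10 +264,12 @@` hunk of taler-exchange-httpd_recoup.c the new code hashes and frees `blinded_planchet.details.rsa_blinded_planchet` without looking at `blinded_planchet.cipher`. That is safe only while `TALER_denom_blind` succeeds for RSA keys alone; once it gains a CS branch, the RSA arm of the union would be read and passed to `GNUNET_free` over bytes that hold a nonce and `c[2]`. I would guard the access with `if (TALER_DENOMINATION_RSA != blinded_planchet.cipher) { GNUNET_break (0); /* reply with an error */ }`, or move the hash-and-free into helpers that switch on the tag. The same unchecked `.details.rsa_blinded_planchet` access appears in check_commitment (taler-exchange-httpd_refreshes_reveal.c) and in the exchange_api_link, exchange_api_refresh_common, exchange_api_refreshes_reveal, exchange_api_withdraw and exchange_api_withdraw2 hunks. Separately, the `@@ -243,9 +243,11 @@` hunk keeps `void *coin_ev; size_t coin_ev_size;` under a bare `//FIXME:`; they look unused on the new side and could be dropped.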
@@ -531,10 +531,8 @@ handle_link_data_cb (void *cls, break; } } - GNUNET_assert (found); - } -} - + //FIXME: + GNUNET_assert (GNUNET_NO != found); /** * Callback that should never be called. @@ -1469,7 +1467,7 @@ run (void *cls) struct TALER_CoinSpendPublicKeyP coin_pub; struct TALER_AgeHash age_hash; struct TALER_AgeHash *p_ah[2] = {NULL, &age_hash}; - + //FIXME: /* Call TALER_denom_blind()/TALER_denom_sign_blinded() twice, once without * age_hash, once with age_hash */ RND_BLK (&age_hash); @@ -1495,6 +1493,25 @@ run (void *cls) pd.coin_ev_size)); GNUNET_free (pd.coin_ev); } + RND_BLK (&coin_pub); + TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA); + GNUNET_assert (GNUNET_OK == + TALER_denom_blind (&dkp->pub, + &bks, + NULL, /* FIXME-Oec */ + &coin_pub, + &c_hash, + &pd.blinded_planchet)); + TALER_coin_ev_hash ( + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg, + pd.blinded_planchet.details.rsa_blinded_planchet. + blinded_msg_size, + &cbc.h_coin_envelope); + GNUNET_assert (GNUNET_OK == + TALER_denom_sign_blinded (&cbc.sig, + &dkp->priv, + &pd.blinded_planchet)); + GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg); } cbc.reserve_pub = reserve_pub; diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 6a805b645..2e0674fb1 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -353,9 +353,15 @@ struct TALER_CoinSpendSignatureP /** * @brief Type of blinding keys for Taler. + * must be 32 bytes */ union TALER_DenominationBlindingKeyP { + /** + * Clause Schnorr Signatures have 2 blinding secrets, each containing two unpredictable values. + */ + struct GNUNET_CRYPTO_CsNonce nonce; + /** * Taler uses RSA for blind signatures. */ @@ -575,9 +581,9 @@ enum TALER_DenominationCipher TALER_DENOMINATION_RSA = 1, /** - * Clause-Schnorr blind signature. + * Clause Blind Schnorr signature. */ - // TALER_DENOMINATION_CS = 2 + TALER_DENOMINATION_CS = 2 }; 
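Review bot: The `@@ -531,10 +531,8 @@` hunk removes the two `}` lines that closed the loop body and `handle_link_data_cb` itself and adds nothing in their place, so on the new side the function appears to run straight into the `Callback that should never be called` comment and the file should not compile. In the `@@ -1495,6 +1493,25 @@` hunk the unchanged lines `pd.coin_ev_size));` and `GNUNET_free (pd.coin_ev);` still reference members that this patch removes from `struct TALER_PlanchetDetail`, and the added block repeats the blind/sign sequence once more after the loop. Both spots sit next to a bare `//FIXME:`. Restoring the braces and converting the loop body to `pd.blinded_planchet`, instead of appending a second copy, would leave the test building.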
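Review bot: The added line `must be 32 bytes` on `union TALER_DenominationBlindingKeyP` (hunk `@@ -353,9 +353,15 @@`) states a size invariant only in prose, and adding `struct GNUNET_CRYPTO_CsNonce nonce` to the union is the kind of change that can break it silently. If the invariant is real, pin it after the union with `_Static_assert (32 == sizeof (union TALER_DenominationBlindingKeyP), "blinding key must be 32 bytes");` or the project's own compile-time assert. The member comment also speaks of "2 blinding secrets, each containing two unpredictable values" while the member is a single nonce; it should say what is stored, for example `/** Nonce from which the CS blinding secrets are derived. */` if that is the intent. The union's closing brace is outside the hunk.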
@@ -597,6 +603,10 @@ struct TALER_DenominationSignature */ union { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct GNUNET_CRYPTO_CsSignature cs_signature; /** * If we use #TALER_DENOMINATION_RSA in @a cipher. @@ -607,6 +617,24 @@ struct TALER_DenominationSignature }; +/** + * The Sign Answer for Clause B lind Schnorr signature. + * The sign operation returns a parameter @param b and the signature + * scalar @param s_scalar. + * The function does not return the whole signature, due to that is only the blinded s_scalar. + */ +struct TALER_BlindedDenominationCsSignAnswer +{ + /** + * To make ROS problem harder, the signer chooses an unpredictable b and only calculates signature of c_b + */ + unsigned int b; + + /** + * The blinded s scalar calculated from c_b + */ + struct GNUNET_CRYPTO_CsBlindS s_scalar; +}; /** * @brief Type for *blinded* denomination signatures for Taler. @@ -625,6 +653,12 @@ struct TALER_BlindedDenominationSignature */ union { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + * At this point only the blinded s scalar is used. + * The final signature consisting of r,s is built after unblinding. + */ + struct TALER_BlindedDenominationCsSignAnswer blinded_cs_answer; /** * If we use #TALER_DENOMINATION_RSA in @a cipher. @@ -657,6 +691,10 @@ struct TALER_DenominationPublicKey */ union { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct GNUNET_CRYPTO_CsPublicKey cs_public_key; /** * If we use #TALER_DENOMINATION_RSA in @a cipher. @@ -683,6 +721,10 @@ struct TALER_DenominationPrivateKey */ union { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct GNUNET_CRYPTO_CsPrivateKey cs_private_key; /** * If we use #TALER_DENOMINATION_RSA in @a cipher. 
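Review bot: The doc block on `struct TALER_BlindedDenominationCsSignAnswer` (hunk `@@ -607,6 +617,24 @@`) uses `@param` for struct members and never states the valid range of `b`. Judging from `c[2]` in `struct TALER_BlindedCsPlanchet`, `b` selects one of two challenges, so I would document it as `/** Index of the challenge that was signed; must be 0 or 1. */` and have whichever code receives this struct reject other values before using `b` as an index. "Clause B lind" in the first line is a typo for "Clause Blind".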
@@ -692,6 +734,141 @@ struct TALER_DenominationPrivateKey } details; }; +/** + * @brief RSA Parameters to create blinded signature + * + */ +struct TALER_BlindedRsaPlanchet +{ + /** + * blinded message to be signed + * Note: is malloc()'ed! + */ + void *blinded_msg; + + /** + * size of the blinded message to be signed + */ + size_t blinded_msg_size; +}; + + +/** + * @brief CS Parameters to create blinded signature + * + */ +struct TALER_BlindedCsPlanchet +{ + /** + * Withdraw or refresh nonce used for derivation + */ + struct GNUNET_CRYPTO_CsNonce nonce; + + /** + * The Clause Schnorr c_0 and c_1 containing the blinded message + */ + struct GNUNET_CRYPTO_CsC c[2]; +}; + + +/** + * @brief Type including Parameters to create blinded signature + * + */ +struct TALER_BlindedPlanchet +{ + /** + * Type of the sign blinded message + */ + enum TALER_DenominationCipher cipher; + + /** + * Details, depending on @e cipher. + */ + union + { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct TALER_BlindedCsPlanchet cs_blinded_planchet; + + /** + * If we use #TALER_DENOMINATION_RSA in @a cipher. + */ + struct TALER_BlindedRsaPlanchet rsa_blinded_planchet; + + } details; +}; + + +/** + * @brief RSA Parameters to create blinded messages + * + */ +struct TALER_DenominationBlindMessageRsaParams +{ + /** + * blinded message to be signed + * Note: is malloc()'ed! + */ + void **coin_ev; + + /** + * size of the blinded message to be signed + */ + size_t *coin_ev_size; +}; + + +/** + * @brief CS Parameters to create blinded messages + * + */ +struct TALER_DenominationBlindMessageCsParams +{ + +}; + +/** + * @brief Type including Parameters to create blinded message + * + */ +struct TALER_DenominationBlindMessageParams +{ + /** + * Details, depending on @e cipher. + */ + union + { + /** + * If we use #TALER_DENOMINATION_CS in @a cipher. + */ + struct TALER_DenominationBlindMessageCsParams cs_blind_msg_params; + + /** + * If we use #TALER_DENOMINATION_RSA in @a cipher. 
+ */ + struct TALER_DenominationBlindMessageRsaParams rsa_blind_msg_params; + + } details; +}; + +/** + * @brief CS Blinding Secret parameters to derive blinding secrets + * + */ +struct TALER_PlanchetDeriveCsBlindingSecrets +{ + /** + * Secret to derive blinding secrets from + */ + void *secret; + + /** + * size of the secret to derive blinding secrets from + */ + size_t secret_len; +}; /** * @brief Public information about a coin (including the public key @@ -768,7 +945,9 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub); * @param[out] bs blinding secret to initialize */ void -TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs); +TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs, + enum TALER_DenominationCipher cipher, + ...); /** @@ -827,8 +1006,7 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk, const struct TALER_AgeHash *age_commitment_hash, const struct TALER_CoinSpendPublicKeyP *coin_pub, struct TALER_CoinPubHash *c_hash, - void **coin_ev, - size_t *coin_ev_size); + struct TALER_BlindedPlanchet *blinded_planchet); /** @@ -843,8 +1021,7 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk, enum GNUNET_GenericReturnValue TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, const struct TALER_DenominationPrivateKey *denom_priv, - void *blinded_msg, - size_t blinded_msg_size); + const struct TALER_BlindedPlanchet *blinded_planchet); /** @@ -1056,7 +1233,7 @@ struct TALER_PlanchetSecretsP struct TALER_CoinSpendPrivateKeyP coin_priv; /** - * The blinding key. + * The blinding key. must be 32 byte */ union TALER_DenominationBlindingKeyP blinding_key; 
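Review bot: `struct TALER_DenominationBlindMessageCsParams` (hunk `@@ -692,6 +734,141 @@`) is declared with no members, which ISO C does not allow (GCC accepts it as an extension); give it a placeholder member or leave the type out until it has content. `TALER_DenominationBlindMessageRsaParams` and `TALER_DenominationBlindMessageParams` are not used by any hunk visible here, so they may be droppable as well. For `struct TALER_BlindedRsaPlanchet` the comment says `blinded_msg` is malloc()'ed but not who frees it, and every caller in this patch frees it by reaching into `.details.rsa_blinded_planchet.blinded_msg`. A `void TALER_blinded_planchet_free (struct TALER_BlindedPlanchet *blinded_planchet);` that switches on `cipher` would keep that ownership rule in one place and stay correct once CS planchets, which hold no heap pointer, exist.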
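Review bot: The doc comment above `TALER_blinding_secret_create` (hunk `@@ -768,7 +945,9 @@`) still describes only `bs`, while the prototype gains `cipher` and `...`. Variadic arguments are not type-checked, and the implementation in crypto.c reads a `struct TALER_PlanchetDeriveCsBlindingSecrets *` with `va_arg` for `TALER_DENOMINATION_CS`, so a caller that omits or mistypes it gets undefined behaviour without a compiler diagnostic. Please add `@param cipher denomination cipher the secret is for` and `@param ... for #TALER_DENOMINATION_CS a struct TALER_PlanchetDeriveCsBlindingSecrets *; nothing for #TALER_DENOMINATION_RSA`. The same applies to `TALER_planchet_setup_random` in the `@@ -1224,7 +1396,9 @@` hunk.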
@@ -1080,14 +1257,9 @@ struct TALER_PlanchetDetail struct TALER_DenominationHash denom_pub_hash; /** - * Blinded coin (see GNUNET_CRYPTO_rsa_blind()). Note: is malloc()'ed! + * The blinded planchet */ - void *coin_ev; - - /** - * Number of bytes in @a coin_ev. - */ - size_t coin_ev_size; + struct TALER_BlindedPlanchet blinded_planchet; }; @@ -1224,7 +1396,9 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed, * @param[out] ps value to initialize */ void -TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps); +TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps, + enum TALER_DenominationCipher cipher, + ...); /** diff --git a/src/lib/exchange_api_link.c b/src/lib/exchange_api_link.c index ec085b533..87bb5dc94 100644 --- a/src/lib/exchange_api_link.c +++ b/src/lib/exchange_api_link.c @@ -155,20 +155,25 @@ parse_link_coin (const struct TALER_EXCHANGE_LinkHandle *lh, GNUNET_CRYPTO_hash (pd.coin_ev, pd.coin_ev_size, &coin_envelope_hash.hash); - + //FIXME: if (GNUNET_OK != TALER_wallet_link_verify (&pd.denom_pub_hash, trans_pub, &coin_envelope_hash, + pd.blinded_planchet.details. + rsa_blinded_planchet.blinded_msg, + pd.blinded_planchet.details. + rsa_blinded_planchet.blinded_msg_size, &old_coin_pub, &link_sig)) { GNUNET_break_op (0); - GNUNET_free (pd.coin_ev); + GNUNET_free ( + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg); GNUNET_JSON_parse_free (spec); return GNUNET_SYSERR; } - GNUNET_free (pd.coin_ev); + GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg); } /* clean up */ diff --git a/src/lib/exchange_api_refresh_common.c b/src/lib/exchange_api_refresh_common.c index 3e367566d..fa3e63fef 100644 --- a/src/lib/exchange_api_refresh_common.c +++ b/src/lib/exchange_api_refresh_common.c 
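Review bot: In parse_link_coin (hunk `@@ -155,20 +155,25 @@` of exchange_api_link.c) the unchanged call `GNUNET_CRYPTO_hash (pd.coin_ev, pd.coin_ev_size, &coin_envelope_hash.hash);` still uses the two members this patch removes from `struct TALER_PlanchetDetail`, and the `TALER_wallet_link_verify` call now passes both `&coin_envelope_hash` and the raw blinded message plus size under a bare `//FIXME:`. Only one of the two forms can match the function's prototype, which is not part of this diff. Whichever is kept, the verifier must cover exactly the bytes that `TALER_wallet_link_sign` covered (it is given `blinded_msg` and `blinded_msg_size` in exchange_api_refreshes_reveal.c), so I would drop the stale `pd.coin_ev` hash and replace the FIXME with a comment naming what remains to be done. The function starts and ends outside the hunk.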
@@ -441,8 +441,10 @@ TALER_EXCHANGE_refresh_prepare ( return NULL; } rcd->dk = &md.fresh_pks[j]; - rcd->coin_ev = pd.coin_ev; - rcd->coin_ev_size = pd.coin_ev_size; + rcd->coin_ev = + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg; + rcd->coin_ev_size = + pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg_size; } } diff --git a/src/lib/exchange_api_refreshes_reveal.c b/src/lib/exchange_api_refreshes_reveal.c index 2b7fcf8cf..6fc3f1a3f 100644 --- a/src/lib/exchange_api_refreshes_reveal.c +++ b/src/lib/exchange_api_refreshes_reveal.c @@ -370,15 +370,22 @@ TALER_EXCHANGE_refreshes_reveal ( } GNUNET_assert (0 == json_array_append_new (coin_evs, - GNUNET_JSON_from_data (pd.coin_ev, - pd.coin_ev_size))); + GNUNET_JSON_from_data ( + pd.blinded_planchet.details. + rsa_blinded_planchet.blinded_msg, + pd. + blinded_planchet.details. + rsa_blinded_planchet. + blinded_msg_size))); { struct TALER_CoinSpendSignatureP link_sig; TALER_wallet_link_sign (&denom_hash, &transfer_pub, - pd.coin_ev, - pd.coin_ev_size, + pd.blinded_planchet.details.rsa_blinded_planchet. + blinded_msg, + pd.blinded_planchet.details.rsa_blinded_planchet. + blinded_msg_size, &md->melted_coin.coin_priv, &link_sig); GNUNET_assert (0 == @@ -386,7 +393,7 @@ TALER_EXCHANGE_refreshes_reveal ( link_sigs, GNUNET_JSON_from_data_auto (&link_sig))); } - GNUNET_free (pd.coin_ev); + GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg); } /* build array of transfer private keys */ diff --git a/src/lib/exchange_api_withdraw.c b/src/lib/exchange_api_withdraw.c index 5e823ee6d..5834306eb 100644 --- a/src/lib/exchange_api_withdraw.c +++ b/src/lib/exchange_api_withdraw.c @@ -200,7 +200,7 @@ TALER_EXCHANGE_withdraw ( reserve_priv, &handle_reserve_withdraw_finished, wh); - GNUNET_free (pd.coin_ev); + GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg); return wh; } 
diff --git a/src/lib/exchange_api_withdraw2.c b/src/lib/exchange_api_withdraw2.c index d50892e5b..c8eb31822 100644 --- a/src/lib/exchange_api_withdraw2.c +++ b/src/lib/exchange_api_withdraw2.c @@ -437,9 +437,11 @@ TALER_EXCHANGE_withdraw2 ( TALER_amount_hton (&req.amount_with_fee, &wh->requested_amount); - TALER_coin_ev_hash (pd->coin_ev, - pd->coin_ev_size, - &req.h_coin_envelope); + TALER_coin_ev_hash ( + pd->blinded_planchet.details.rsa_blinded_planchet.blinded_msg, + pd->blinded_planchet.details.rsa_blinded_planchet. + blinded_msg_size, + &req.h_coin_envelope); GNUNET_CRYPTO_eddsa_sign (&reserve_priv->eddsa_priv, &req, &reserve_sig.eddsa_signature); @@ -452,8 +454,10 @@ TALER_EXCHANGE_withdraw2 ( GNUNET_JSON_pack_data_auto ("denom_pub_hash", &pd->denom_pub_hash), GNUNET_JSON_pack_data_varsize ("coin_ev", - pd->coin_ev, - pd->coin_ev_size), + pd->blinded_planchet.details. + rsa_blinded_planchet.blinded_msg, + pd->blinded_planchet.details. + rsa_blinded_planchet.blinded_msg_size), GNUNET_JSON_pack_data_auto ("reserve_sig", &reserve_sig)); GNUNET_log (GNUNET_ERROR_TYPE_INFO, diff --git a/src/testing/testing_api_cmd_insert_deposit.c b/src/testing/testing_api_cmd_insert_deposit.c index d45bd0c67..738c4b67d 100644 --- a/src/testing/testing_api_cmd_insert_deposit.c +++ b/src/testing/testing_api_cmd_insert_deposit.c 
@@ -203,21 +203,19 @@ insert_deposit_run (void *cls, struct TALER_BlindedDenominationSignature bds; union TALER_DenominationBlindingKeyP bks; - TALER_blinding_secret_create (&bks); + TALER_blinding_secret_create (&bks, TALER_DENOMINATION_RSA); GNUNET_assert (GNUNET_OK == TALER_denom_blind (&dpk, &bks, NULL, /* FIXME-Oec */ &deposit.coin.coin_pub, &c_hash, - &pd.coin_ev, - &pd.coin_ev_size)); + &pd.blinded_planchet)); GNUNET_assert (GNUNET_OK == TALER_denom_sign_blinded (&bds, &denom_priv, - pd.coin_ev, - pd.coin_ev_size)); - GNUNET_free (pd.coin_ev); + &pd.blinded_planchet)); + GNUNET_free (pd.blinded_planchet.details.rsa_blinded_planchet.blinded_msg); GNUNET_assert (GNUNET_OK == TALER_denom_sig_unblind (&deposit.coin.denom_sig, &bds, diff --git a/src/testing/testing_api_cmd_withdraw.c b/src/testing/testing_api_cmd_withdraw.c index 8e6cba704..e87f42c34 100644 --- a/src/testing/testing_api_cmd_withdraw.c +++ b/src/testing/testing_api_cmd_withdraw.c @@ -388,7 +388,7 @@ withdraw_run (void *cls, &ws->reserve_pub); if (NULL == ws->reuse_coin_key_ref) { - TALER_planchet_setup_random (&ws->ps); + TALER_planchet_setup_random (&ws->ps, TALER_DENOMINATION_RSA); } else { @@ -409,7 +409,7 @@ withdraw_run (void *cls, TALER_TESTING_get_trait_coin_priv (cref, index, &coin_priv)); - TALER_planchet_setup_random (&ws->ps); + TALER_planchet_setup_random (&ws->ps, TALER_DENOMINATION_RSA); ws->ps.coin_priv = *coin_priv; } if (NULL == ws->pk) diff --git a/src/util/crypto.c b/src/util/crypto.c index 178db3aad..a8413e0f5 100644 --- a/src/util/crypto.c +++ b/src/util/crypto.c 
@@ -167,11 +167,68 @@ TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed, void -TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps) +blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs, + enum TALER_DenominationCipher cipher, + va_list ap) +{ + switch (cipher) + { + case TALER_DENOMINATION_INVALID: + GNUNET_break (0); + return; + case TALER_DENOMINATION_RSA: + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, + &bs->rsa_bks, + sizeof (struct + GNUNET_CRYPTO_RsaBlindingKeySecret)); + return; + case TALER_DENOMINATION_CS: + { + // TODO: nonce teil ist noch falsch. da kommt bs[2] zurück, was wir nicht speichern wollen! + struct TALER_PlanchetDeriveCsBlindingSecrets*seed; + + seed = va_arg (ap, struct TALER_PlanchetDeriveCsBlindingSecrets *); + + // GNUNET_CRYPTO_cs_blinding_secrets_derive(&seed->secret, + // seed->secret_len, + // &bs->nonce); + return; + } + + default: + GNUNET_break (0); + } + + GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, + bs, + sizeof (*bs)); +} + + +void +TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs, + enum TALER_DenominationCipher cipher, + ...) +{ + va_list ap; + va_start (ap, cipher); + blinding_secret_create_va (bs, cipher, ap); + va_end (ap); +} + + +void +TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps, + enum TALER_DenominationCipher cipher, + ...) { GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG, - ps, - sizeof (*ps)); + &ps->coin_priv, + sizeof (struct TALER_CoinSpendPrivateKeyP)); + va_list ap; + va_start (ap, cipher); + blinding_secret_create_va (&ps->blinding_key, cipher, ap); + va_end (ap); } @@ -191,8 +248,7 @@ TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk, NULL, /* FIXME-Oec */ &coin_pub, c_hash, - &pd->coin_ev, - &pd->coin_ev_size)) + &pd->blinded_planchet)) { GNUNET_break (0); return GNUNET_SYSERR; diff --git a/src/util/denom.c b/src/util/denom.c index b6b3764da..bcfa3efab 100644 
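Review bot: In `blinding_secret_create_va` the `TALER_DENOMINATION_CS` case returns without writing `*bs` (the derive call is commented out and `seed` is unused), and because `TALER_planchet_setup_random` now fills only `coin_priv` instead of the whole `*ps`, a CS planchet ends up with an indeterminate `blinding_key`. The `default:` branch logs through `GNUNET_break (0)` and then falls out of the switch into the `GNUNET_CRYPTO_QUALITY_NONCE` fill, so an unknown cipher silently gets a secret of lower quality than the RSA path's `GNUNET_CRYPTO_QUALITY_STRONG`. I would zero `*bs` on entry, make the unimplemented CS path and the unknown-cipher path fail hard, drop the trailing nonce-quality fill, and declare the helper `static`, as it looks file-local. If `struct TALER_PlanchetSecretsP` has members besides `coin_priv` and `blinding_key`, they too are no longer initialised by `TALER_planchet_setup_random`; that struct is only partly visible in this diff.

```c
static void
blinding_secret_create_va (union TALER_DenominationBlindingKeyP *bs,
                           enum TALER_DenominationCipher cipher,
                           va_list ap)
{
  /* never hand back indeterminate bytes as a blinding secret */
  memset (bs, 0, sizeof (*bs));
  switch (cipher)
  {
  /* … unchanged: TALER_DENOMINATION_INVALID and TALER_DENOMINATION_RSA cases … */
  case TALER_DENOMINATION_CS:
    /* derivation from the caller's seed is not implemented yet;
       fail loudly instead of returning an unset secret */
    (void) ap;
    GNUNET_assert (0);
    return;
  default:
    GNUNET_assert (0);
  }
}
```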
--- a/src/util/denom.c +++ b/src/util/denom.c @@ -34,6 +34,10 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv, memset (denom_pub, 0, sizeof (*denom_pub)); + + denom_priv->cipher = cipher; + denom_pub->cipher = cipher; + switch (cipher) { case TALER_DENOMINATION_INVALID: @@ -63,10 +67,13 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv, denom_pub->details.rsa_public_key = GNUNET_CRYPTO_rsa_private_key_get_public ( denom_priv->details.rsa_private_key); - denom_priv->cipher = cipher; - denom_pub->cipher = cipher; return GNUNET_OK; - // TODO: add case for Clause-Schnorr + case TALER_DENOMINATION_CS: + GNUNET_CRYPTO_cs_private_key_generate (&denom_priv->details.cs_private_key); + GNUNET_CRYPTO_cs_private_key_get_public ( + &denom_priv->details.cs_private_key, + &denom_pub->details.cs_public_key); + return GNUNET_OK; default: GNUNET_break (0); } @@ -77,8 +84,7 @@ TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv, enum GNUNET_GenericReturnValue TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, const struct TALER_DenominationPrivateKey *denom_priv, - void *blinded_msg, - size_t blinded_msg_size) + const struct TALER_BlindedPlanchet *blinded_planchet) { memset (denom_sig, 0, @@ -92,8 +98,8 @@ TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig, denom_sig->details.blinded_rsa_signature = GNUNET_CRYPTO_rsa_sign_blinded ( denom_priv->details.rsa_private_key, - blinded_msg, - blinded_msg_size); + blinded_planchet->details.rsa_blinded_planchet.blinded_msg, + blinded_planchet->details.rsa_blinded_planchet.blinded_msg_size); if (NULL == denom_sig->details.blinded_rsa_signature) { GNUNET_break (0); @@ -147,15 +153,6 @@ TALER_denom_sig_unblind ( } -void -TALER_blinding_secret_create (union TALER_DenominationBlindingKeyP *bs) -{ - GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE, - bs, - sizeof (*bs)); -} - - /** * Hash @a rsa. * 
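Review bot: Moving `denom_priv->cipher = cipher; denom_pub->cipher = cipher;` ahead of the switch in `TALER_denom_priv_create` (hunk `@@ -34,6 +34,10 @@`) means every failing return now leaves the tag set on a key whose `details` were never filled. The new test calls `TALER_denom_priv_create (&dk_priv, &dk_pub, 42)` and expects `GNUNET_SYSERR`; afterwards `dk_priv.cipher` is 42, and `TALER_denom_priv_free` on such a value ends in its `GNUNET_assert (0)` default. I would keep the assignment inside each successful case, as the removed RSA lines did, or reset both tags to `TALER_DENOMINATION_INVALID` before returning an error. The error returns of the RSA case lie outside these hunks.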
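Review bot: `TALER_denom_sign_blinded` reads `blinded_planchet->details.rsa_blinded_planchet.blinded_msg` and `.blinded_msg_size` in its RSA case (hunk `@@ -92,8 +98,8 @@`) without checking that the planchet is tagged RSA. If a planchet tagged `TALER_DENOMINATION_CS` is paired with an RSA key, the bytes of the CS nonce and `c[2]` are interpreted as a pointer and a length and handed to `GNUNET_CRYPTO_rsa_sign_blinded`. Add `if (blinded_planchet->cipher != denom_priv->cipher) { GNUNET_break (0); return GNUNET_SYSERR; }` right after the `memset` of `denom_sig`. The function's switch and its other cases are outside the hunk, and no CS signing case is visible in this patch.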
@@ -238,21 +235,28 @@ TALER_denom_blind (const struct TALER_DenominationPublicKey *dk, const struct TALER_AgeHash *age_commitment_hash, const struct TALER_CoinSpendPublicKeyP *coin_pub, struct TALER_CoinPubHash *c_hash, - void **coin_ev, - size_t *coin_ev_size) + struct TALER_BlindedPlanchet *blinded_planchet) { + // if (dk->cipher != blinded_planchet->cipher) + // { + // GNUNET_break (0); + // return GNUNET_SYSERR; + // } + blinded_planchet->cipher = dk->cipher; + TALER_coin_pub_hash (coin_pub, + age_commitment_hash, + c_hash); switch (dk->cipher) { case TALER_DENOMINATION_RSA: - TALER_coin_pub_hash (coin_pub, - age_commitment_hash, - c_hash); if (GNUNET_YES != GNUNET_CRYPTO_rsa_blind (&c_hash->hash, &coin_bks->rsa_bks, dk->details.rsa_public_key, - coin_ev, - coin_ev_size)) + &blinded_planchet->details.rsa_blinded_planchet + .blinded_msg, + &blinded_planchet->details.rsa_blinded_planchet + .blinded_msg_size)) { GNUNET_break (0); return GNUNET_SYSERR; @@ -314,7 +318,9 @@ TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub) } denom_pub->cipher = TALER_DENOMINATION_INVALID; return; - // TODO: add case for Clause-Schnorr + case TALER_DENOMINATION_CS: + // TODO: ATM nothing needs to be freed, but check again after implementation. + return; default: GNUNET_assert (0); } @@ -336,7 +342,9 @@ TALER_denom_priv_free (struct TALER_DenominationPrivateKey *denom_priv) } denom_priv->cipher = TALER_DENOMINATION_INVALID; return; - // TODO: add case for Clause-Schnorr + case TALER_DENOMINATION_CS: + // TODO: ATM nothing needs to be freed, but check again after implementation. + return; default: GNUNET_assert (0); } @@ -358,7 +366,9 @@ TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig) } denom_sig->cipher = TALER_DENOMINATION_INVALID; return; - // TODO: add case for Clause-Schnorr + case TALER_DENOMINATION_CS: + // TODO: ATM nothing needs to be freed, but check again after implementation. + return; default: GNUNET_assert (0); } 
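Review bot: The commented-out `dk->cipher != blinded_planchet->cipher` check at the top of `TALER_denom_blind` should be deleted rather than kept: `blinded_planchet` is an output here (recoup.c passes a freshly declared, uninitialised struct) and the next line assigns its tag, so the comparison would read an indeterminate field if it were re-enabled. The tag is also written before the switch, so on a `GNUNET_SYSERR` return the planchet is tagged `dk->cipher` although its details were not filled; setting `blinded_planchet->cipher = TALER_DENOMINATION_INVALID;` on the error paths, or assigning the tag only after a successful blind, keeps a later tag-driven free from trusting it. A comment such as `/* blinded_planchet is output-only; its cipher is taken from dk */` would record the contract. No `TALER_DENOMINATION_CS` case is visible in this hunk; the rest of the switch lies outside it.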
@@ -382,7 +392,9 @@ TALER_blinded_denom_sig_free ( } denom_sig->cipher = TALER_DENOMINATION_INVALID; return; - // TODO: add case for Clause-Schnorr + case TALER_DENOMINATION_CS: + // TODO: ATM nothing needs to be freed, but check again after implementation. + return; default: GNUNET_assert (0); } diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c index 5ee06487b..12f9e64c0 100644 --- a/src/util/test_crypto.c +++ b/src/util/test_crypto.c @@ -82,7 +82,7 @@ test_high_level (void) * @return 0 on success */ static int -test_planchets (void) +test_planchets_rsa (void) { struct TALER_PlanchetSecretsP ps; struct TALER_DenominationPrivateKey dk_priv; @@ -92,12 +92,23 @@ test_planchets (void) struct TALER_FreshCoin coin; struct TALER_CoinPubHash c_hash; + + GNUNET_assert (GNUNET_SYSERR == + TALER_denom_priv_create (&dk_priv, + &dk_pub, + TALER_DENOMINATION_INVALID)); + + GNUNET_assert (GNUNET_SYSERR == + TALER_denom_priv_create (&dk_priv, + &dk_pub, + 42)); + GNUNET_assert (GNUNET_OK == TALER_denom_priv_create (&dk_priv, &dk_pub, TALER_DENOMINATION_RSA, 1024)); - TALER_planchet_setup_random (&ps); + TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA); GNUNET_assert (GNUNET_OK == TALER_planchet_prepare (&dk_pub, &ps, @@ -106,8 +117,7 @@ test_planchets (void) GNUNET_assert (GNUNET_OK == TALER_denom_sign_blinded (&blind_sig, &dk_priv, - pd.coin_ev, - pd.coin_ev_size)); + &pd.blinded_planchet)); GNUNET_assert (GNUNET_OK == TALER_planchet_to_coin (&dk_pub, &blind_sig, 
@@ -122,6 +132,66 @@ test_planchets (void) } +/** + * Test the basic planchet functionality of creating a fresh planchet with CS denomination + * and extracting the respective signature. + * + * @return 0 on success + */ +static int +test_planchets_cs (void) +{ + // struct TALER_PlanchetSecretsP ps; + struct TALER_DenominationPrivateKey dk_priv; + struct TALER_DenominationPublicKey dk_pub; + // struct TALER_PlanchetDetail pd; + // struct TALER_BlindedDenominationSignature blind_sig; + // struct TALER_FreshCoin coin; + // struct TALER_CoinPubHash c_hash; + // struct TALER_PlanchetDeriveCsBlindingSecrets seed; + + GNUNET_assert (GNUNET_OK == + TALER_denom_priv_create (&dk_priv, + &dk_pub, + TALER_DENOMINATION_CS)); + + // seed.secret = "test secret"; + // seed.secret_len = strlen ("test secret"); + + // TODO: Probably need to adjust GNUNET CS implementation for the CSNonce creation and afterwards adjust the derive function + // TALER_planchet_setup_random (&ps, TALER_DENOMINATION_CS, &seed); + + // GNUNET_assert (GNUNET_OK == + // TALER_planchet_prepare (&dk_pub, + // &ps, + // &c_hash, + // &pd)); + + + // TALER_blinded_denom_sig_free (&blind_sig); + // TALER_denom_sig_free (&coin.sig); + TALER_denom_priv_free (&dk_priv); + TALER_denom_pub_free (&dk_pub); + return 0; +} + + +/** + * Test the basic planchet functionality of creating a fresh planchet + * and extracting the respective signature. + * Calls test_planchets_rsa and test_planchets_cs + * + * @return 0 on success + */ +static int +test_planchets (void) +{ + if (0 != test_planchets_rsa ()) + return -1; + return test_planchets_cs (); +} + + static int test_exchange_sigs (void) { diff --git a/src/util/test_helper_rsa.c b/src/util/test_helper_rsa.c index ac4ae1dc0..e51fa26e1 100644 --- a/src/util/test_helper_rsa.c +++ b/src/util/test_helper_rsa.c 
@@ -270,13 +270,15 @@ test_signing (struct TALER_CRYPTO_RsaDenominationHelper *dh) struct TALER_PlanchetSecretsP ps; struct TALER_CoinPubHash c_hash; - TALER_planchet_setup_random (&ps); + TALER_planchet_setup_random (&ps, TALER_DENOMINATION_RSA); for (unsigned int i = 0; i