
[taler-exchange] 72/130: abstract denomination keys a bit more


From: gnunet
Subject: [taler-exchange] 72/130: abstract denomination keys a bit more
Date: Wed, 17 Nov 2021 12:25:20 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

commit 32da809fd665f1ac19210bf48952f1988f417fb8
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Fri Nov 5 14:00:10 2021 +0100

    abstract denomination keys a bit more
---
 src/auditor/report-lib.c                     |  2 +-
 src/auditordb/test_auditordb.c               | 11 ++--
 src/benchmark/taler-aggregator-benchmark.c   | 19 +++---
 src/exchangedb/test_exchangedb.c             | 13 ++---
 src/include/taler_crypto_lib.h               | 36 ++++++++++++
 src/testing/testing_api_cmd_insert_deposit.c | 24 +++++---
 src/util/denom.c                             | 87 ++++++++++++++++++++++++++++
 src/util/taler-exchange-secmod-rsa.c         | 52 ++++++++---------
 src/util/test_crypto.c                       | 11 ++--
 9 files changed, 188 insertions(+), 67 deletions(-)

diff --git a/src/auditor/report-lib.c b/src/auditor/report-lib.c
index cc1b48b6..e6468f69 100644
--- a/src/auditor/report-lib.c
+++ b/src/auditor/report-lib.c
@@ -151,7 +151,7 @@ add_denomination (
                        &issue->value);
     GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
                 "Tracking denomination `%s' (%s)\n",
-                GNUNET_h2s (&issue->denom_hash),
+                GNUNET_h2s (&issue->denom_hash.hash),
                 TALER_amount2s (&value));
     TALER_amount_ntoh (&value,
                        &issue->fee_withdraw);
diff --git a/src/auditordb/test_auditordb.c b/src/auditordb/test_auditordb.c
index 7e5a9703..38f0c24f 100644
--- a/src/auditordb/test_auditordb.c
+++ b/src/auditordb/test_auditordb.c
@@ -142,12 +142,11 @@ run (void *cls)
   RND_BLK (&master_pub);
   RND_BLK (&reserve_pub);
   RND_BLK (&rnd_hash);
-  denom_priv.cipher = TALER_DENOMINATION_RSA;
-  denom_priv.details.rsa_private_key = GNUNET_CRYPTO_rsa_private_key_create (
-    1024);
-  TALER_denom_priv_to_pub (&denom_priv,
-                           0, /* age mask */
-                           &denom_pub);
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_denom_priv_create (&denom_priv,
+                                          &denom_pub,
+                                          TALER_DENOMINATION_RSA,
+                                          1024));
   TALER_denom_pub_hash (&denom_pub,
                         &denom_pub_hash);
   TALER_denom_priv_free (&denom_priv);
diff --git a/src/benchmark/taler-aggregator-benchmark.c 
b/src/benchmark/taler-aggregator-benchmark.c
index 34c45b5c..35d6af6f 100644
--- a/src/benchmark/taler-aggregator-benchmark.c
+++ b/src/benchmark/taler-aggregator-benchmark.c
@@ -479,17 +479,16 @@ run (void *cls,
         GNUNET_TIME_absolute_add (end,
                                   GNUNET_TIME_UNIT_YEARS));
   {
-    struct GNUNET_CRYPTO_RsaPrivateKey *pk;
-    struct GNUNET_CRYPTO_RsaPublicKey *pub;
+    struct TALER_DenominationPrivateKey pk;
     struct GNUNET_HashCode hc;
-    struct TALER_DenominationPublicKey denom_pub = {
-      .cipher = TALER_DENOMINATION_RSA
-    };
+    struct TALER_DenominationPublicKey denom_pub;
 
     RANDOMIZE (&hc);
-    pk = GNUNET_CRYPTO_rsa_private_key_create (1024);
-    pub = GNUNET_CRYPTO_rsa_private_key_get_public (pk);
-    denom_pub.details.rsa_public_key = pub;
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_priv_create (&pk,
+                                            &denom_pub,
+                                            TALER_DENOMINATION_RSA,
+                                            1024));
     TALER_denom_pub_hash (&denom_pub,
                           &h_denom_pub);
     make_amountN (2, 0, &issue.properties.value);
@@ -510,10 +509,10 @@ run (void *cls,
     }
     denom_sig.cipher = TALER_DENOMINATION_RSA;
     denom_sig.details.rsa_signature
-      = GNUNET_CRYPTO_rsa_sign_fdh (pk,
+      = GNUNET_CRYPTO_rsa_sign_fdh (pk.details.rsa_private_key,
                                     &hc);
     TALER_denom_pub_free (&denom_pub);
-    GNUNET_CRYPTO_rsa_private_key_free (pk);
+    TALER_denom_priv_free (&pk);
   }
 
   {
diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c
index 44ae5680..76a83a1b 100644
--- a/src/exchangedb/test_exchangedb.c
+++ b/src/exchangedb/test_exchangedb.c
@@ -225,14 +225,11 @@ create_denom_key_pair (unsigned int size,
   struct TALER_EXCHANGEDB_DenominationKeyInformationP issue2;
 
   dkp = GNUNET_new (struct DenomKeyPair);
-  dkp->priv.cipher = TALER_DENOMINATION_RSA;
-  dkp->priv.details.rsa_private_key = GNUNET_CRYPTO_rsa_private_key_create (
-    size);
-  GNUNET_assert (NULL != dkp->priv.details.rsa_private_key);
-  TALER_denom_priv_to_pub (&dkp->priv,
-                           0, /* age mask */
-                           &dkp->pub);
-
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_denom_priv_create (&dkp->priv,
+                                          &dkp->pub,
+                                          TALER_DENOMINATION_RSA,
+                                          size));
   /* Using memset() as fields like master key and signature
      are not properly initialized for this test. */
   memset (&dki,
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 8871369e..b726972c 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -677,6 +677,26 @@ void
 TALER_denom_pub_free (struct TALER_DenominationPublicKey *denom_pub);
 
 
+/**
+ * Initialize denomination public-private key pair.
+ *
+ * For #TALER_DENOMINATION_RSA, an additional "unsigned int"
+ * argument with the number of bits for 'n' (e.g. 2048) must
+ * be passed.
+ *
+ * @param[out] denom_priv where to write the private key
+ * @param[out] deonm_pub where to write the public key
+ * @param cipher which type of cipher to use
+ * @param ... cipher-specific parameters
+ * @return #GNUNET_OK on success, #GNUNET_NO if parameters were invalid
+ */
+enum GNUNET_GenericReturnValue
+TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
+                         struct TALER_DenominationPublicKey *denom_pub,
+                         enum TALER_DenominationCipher cipher,
+                         ...);
+
+
 /**
  * Free internals of @a denom_priv, but not @a denom_priv itself.
  *
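Review bot: The `@return` line of the new TALER_denom_priv_create comment promises `#GNUNET_NO` for invalid parameters, but the implementation added to src/util/denom.c in this commit returns `GNUNET_SYSERR` on every failure path (invalid cipher, `bits < 512`, failed key generation). A caller that trusts the header and tests for `GNUNET_NO` would miss the error, so the line should read `@return #GNUNET_OK on success, #GNUNET_SYSERR on failure or invalid parameters`. The tag `@param[out] deonm_pub` is also misspelled and should be `denom_pub`. It would help to add that both outputs are zeroed on entry and that, on success, the caller releases them with TALER_denom_priv_free and TALER_denom_pub_free.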
@@ -695,6 +715,22 @@ void
 TALER_denom_sig_free (struct TALER_DenominationSignature *denom_sig);
 
 
+/**
+ * Create blinded signature.
+ *
+ * @param[out] denom_sig where to write the signature
+ * @param denom_priv private key to use for signing
+ * @param blinded_msg message to sign
+ * @param blinded_msg_size number of bytes in @a blinded_msg
+ * @return #GNUNET_OK on success
+ */
+enum GNUNET_GenericReturnValue
+TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
+                          const struct TALER_DenominationPrivateKey 
*denom_priv,
+                          void *blinded_msg,
+                          size_t blinded_msg_size);
+
+
 /**
  * Free internals of @a denom_sig, but not @a denom_sig itself.
  *
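Review bot: `blinded_msg` is declared `void *` although the implementation in src/util/denom.c only forwards it to GNUNET_CRYPTO_rsa_sign_blinded, which as far as I know takes a const pointer. Declaring it `const void *blinded_msg` would tell callers that the blinded message is not modified by signing. The comment also documents only the success return: the implementation returns `GNUNET_SYSERR` on failure and leaves `*denom_sig` zeroed. It should say so, and say that a successful result is released with TALER_blinded_denom_sig_free.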
diff --git a/src/testing/testing_api_cmd_insert_deposit.c 
b/src/testing/testing_api_cmd_insert_deposit.c
index cc427ff5..88ced9c2 100644
--- a/src/testing/testing_api_cmd_insert_deposit.c
+++ b/src/testing/testing_api_cmd_insert_deposit.c
@@ -136,17 +136,17 @@ insert_deposit_run (void *cls,
   struct TALER_EXCHANGEDB_Deposit deposit;
   struct TALER_MerchantPrivateKeyP merchant_priv;
   struct TALER_EXCHANGEDB_DenominationKeyInformationP issue;
-  struct TALER_DenominationPublicKey dpk = {
-    .cipher = TALER_DENOMINATION_RSA
-  };
-  struct GNUNET_CRYPTO_RsaPrivateKey *denom_priv;
+  struct TALER_DenominationPublicKey dpk;
+  struct TALER_DenominationPrivateKey denom_priv;
   struct GNUNET_HashCode hc;
 
   // prepare and store issue first.
   fake_issue (&issue);
-  denom_priv = GNUNET_CRYPTO_rsa_private_key_create (1024);
-  dpk.details.rsa_public_key = GNUNET_CRYPTO_rsa_private_key_get_public (
-    denom_priv);
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_denom_priv_create (&denom_priv,
+                                          &dpk,
+                                          TALER_DENOMINATION_RSA,
+                                          1024));
   TALER_denom_pub_hash (&dpk,
                         &issue.properties.denom_hash);
 
@@ -161,6 +161,8 @@ insert_deposit_run (void *cls,
         ids->dbc->plugin->commit (ids->dbc->plugin->cls)) )
   {
     TALER_TESTING_interpreter_fail (is);
+    TALER_denom_pub_free (&dpk);
+    TALER_denom_priv_free (&denom_priv);
     return;
   }
 
@@ -189,6 +191,8 @@ insert_deposit_run (void *cls,
                                 &deposit.deposit_fee)) )
   {
     TALER_TESTING_interpreter_fail (is);
+    TALER_denom_pub_free (&dpk);
+    TALER_denom_priv_free (&denom_priv);
     return;
   }
 
@@ -201,7 +205,7 @@ insert_deposit_run (void *cls,
                                     &hc);
   deposit.coin.denom_sig.cipher = TALER_DENOMINATION_RSA;
   deposit.coin.denom_sig.details.rsa_signature
-    = GNUNET_CRYPTO_rsa_sign_fdh (denom_priv,
+    = GNUNET_CRYPTO_rsa_sign_fdh (denom_priv.details.rsa_private_key,
                                   &hc);
   GNUNET_asprintf (&deposit.receiver_wire_account,
                    "payto://x-taler-bank/localhost/%s",
@@ -231,13 +235,15 @@ insert_deposit_run (void *cls,
     GNUNET_break (0);
     ids->dbc->plugin->rollback (ids->dbc->plugin->cls);
     GNUNET_free (deposit.receiver_wire_account);
+    TALER_denom_pub_free (&dpk);
+    TALER_denom_priv_free (&denom_priv);
     TALER_TESTING_interpreter_fail (is);
     return;
   }
 
   TALER_denom_sig_free (&deposit.coin.denom_sig);
   TALER_denom_pub_free (&dpk);
-  GNUNET_CRYPTO_rsa_private_key_free (denom_priv);
+  TALER_denom_priv_free (&denom_priv);
   GNUNET_free (deposit.receiver_wire_account);
   TALER_TESTING_interpreter_next (is);
 }
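Review bot: The error branch at the top of this hunk now frees `dpk` and `denom_priv` but not `deposit.coin.denom_sig`. That signature was assigned from GNUNET_CRYPTO_rsa_sign_fdh in the preceding hunk and is released with `TALER_denom_sig_free (&deposit.coin.denom_sig);` only on the success path. Adding the same call to the error branch, before `TALER_TESTING_interpreter_fail (is);`, would make the two exits symmetric. The function starts outside this hunk, so whether the signature can still be unset when this branch runs should be confirmed against the full body.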
diff --git a/src/util/denom.c b/src/util/denom.c
index 15ba1c1a..f251d905 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -22,6 +22,93 @@
 #include "taler_util.h"
 
 
+enum GNUNET_GenericReturnValue
+TALER_denom_priv_create (struct TALER_DenominationPrivateKey *denom_priv,
+                         struct TALER_DenominationPublicKey *denom_pub,
+                         enum TALER_DenominationCipher cipher,
+                         ...)
+{
+  memset (denom_priv,
+          0,
+          sizeof (*denom_priv));
+  memset (denom_pub,
+          0,
+          sizeof (*denom_pub));
+  switch (cipher)
+  {
+  case TALER_DENOMINATION_INVALID:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  case TALER_DENOMINATION_RSA:
+    {
+      va_list ap;
+      unsigned int bits;
+
+      va_start (ap, cipher);
+      bits = va_arg (ap, unsigned int);
+      va_end (ap);
+      if (bits < 512)
+      {
+        GNUNET_break (0);
+        return GNUNET_SYSERR;
+      }
+      denom_priv->details.rsa_private_key
+        = GNUNET_CRYPTO_rsa_private_key_create (bits);
+    }
+    if (NULL == denom_priv->details.rsa_private_key)
+    {
+      GNUNET_break (0);
+      return GNUNET_SYSERR;
+    }
+    denom_pub->details.rsa_public_key
+      = GNUNET_CRYPTO_rsa_private_key_get_public (
+          denom_priv->details.rsa_private_key);
+    denom_priv->cipher = cipher;
+    denom_pub->cipher = cipher;
+    return GNUNET_OK;
+  // TODO: add case for Clause-Schnorr
+  default:
+    GNUNET_break (0);
+  }
+  return GNUNET_SYSERR;
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_denom_sign_blinded (struct TALER_BlindedDenominationSignature *denom_sig,
+                          const struct TALER_DenominationPrivateKey 
*denom_priv,
+                          void *blinded_msg,
+                          size_t blinded_msg_size)
+{
+  memset (denom_sig,
+          0,
+          sizeof (*denom_sig));
+  switch (denom_priv->cipher)
+  {
+  case TALER_DENOMINATION_INVALID:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  case TALER_DENOMINATION_RSA:
+    denom_sig->details.blinded_rsa_signature
+      = GNUNET_CRYPTO_rsa_sign_blinded (
+          denom_priv->details.rsa_private_key,
+          blinded_msg,
+          blinded_msg_size);
+    if (NULL == denom_sig->details.blinded_rsa_signature)
+    {
+      GNUNET_break (0);
+      return GNUNET_SYSERR;
+    }
+    denom_sig->cipher = TALER_DENOMINATION_RSA;
+    return GNUNET_OK;
+  // TODO: add case for Clause-Schnorr
+  default:
+    GNUNET_break (0);
+  }
+  return GNUNET_SYSERR;
+}
+
+
 void
 TALER_denom_pub_hash (const struct TALER_DenominationPublicKey *denom_pub,
                       struct TALER_DenominationHash *denom_hash)
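Review bot: The only key-size validation in TALER_denom_priv_create is `if (bits < 512)`, so RSA moduli far below current recommendations are accepted for denomination keys. taler-exchange-secmod-rsa.c passes the configured `denom->rsa_keysize` straight into this function in the same commit, so unless that value is range-checked elsewhere (not visible here) this floor is the effective minimum. A named minimum constant with a production-grade value would be safer; the literal sizes passed by the tests in this diff are all 1024. Separately, the result of GNUNET_CRYPTO_rsa_private_key_get_public is stored without a NULL check, unlike the private key just above it. If it can fail, the function returns `GNUNET_OK` with a NULL public key, where it should free the private key and `return GNUNET_SYSERR;`.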
diff --git a/src/util/taler-exchange-secmod-rsa.c 
b/src/util/taler-exchange-secmod-rsa.c
index 14709e2b..028c54ef 100644
--- a/src/util/taler-exchange-secmod-rsa.c
+++ b/src/util/taler-exchange-secmod-rsa.c
@@ -208,10 +208,10 @@ struct WorkItem
   struct DenominationKey *dk;
 
   /**
-   * RSA signature over @e blinded_msg using @e dk. Result of doing the
-   * work. Initially NULL.
+   * Signature over @e blinded_msg using @e dk. Result of doing the
+   * work. Initially zero.
    */
-  struct GNUNET_CRYPTO_RsaSignature *rsa_signature;
+  struct TALER_BlindedDenominationSignature denom_sig;
 
   /**
    * Coin_ev value to sign.
@@ -424,11 +424,11 @@ sign_worker (void *cls)
                                    wi);
       work_counter--;
       GNUNET_assert (0 == pthread_mutex_unlock (&work_lock));
-      wi->rsa_signature
-        = GNUNET_CRYPTO_rsa_sign_blinded (
-            wi->dk->denom_priv.details.rsa_private_key,
-            wi->blinded_msg,
-            wi->blinded_msg_size);
+      GNUNET_break (GNUNET_OK ==
+                    TALER_denom_sign_blinded (&wi->denom_sig,
+                                              &wi->dk->denom_priv,
+                                              wi->blinded_msg,
+                                              wi->blinded_msg_size));
       /* put completed work into done queue */
       GNUNET_assert (0 == pthread_mutex_lock (&done_lock));
       GNUNET_CONTAINER_DLL_insert (done_head,
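Review bot: The result of TALER_denom_sign_blinded is only passed to GNUNET_break, so a signing failure is logged here and must then be rediscovered in handle_done through `TALER_DENOMINATION_INVALID == wi->denom_sig.cipher`. That works only because TALER_denom_sign_blinded zeroes `*denom_sig` before doing anything else and, presumably, TALER_DENOMINATION_INVALID is the zero enumerator; neither assumption is stated at either site. A comment such as `/* on failure denom_sig stays zeroed (cipher INVALID); handle_done turns that into a SignFailure reply */` would make the coupling explicit. Alternatively the return value could be stored in the work item. sign_worker continues outside this hunk.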
@@ -495,8 +495,8 @@ static void
 free_dk (struct DenominationKey *dk)
 {
   GNUNET_free (dk->filename);
-  GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv.details.rsa_private_key);
-  GNUNET_CRYPTO_rsa_public_key_free (dk->denom_pub.details.rsa_public_key);
+  TALER_denom_priv_free (&dk->denom_priv);
+  TALER_denom_pub_free (&dk->denom_pub);
   GNUNET_free (dk);
 }
 
@@ -584,7 +584,7 @@ handle_done (void *cls)
                                  done_tail,
                                  wi);
     GNUNET_assert (0 == pthread_mutex_unlock (&done_lock));
-    if (NULL == wi->rsa_signature)
+    if (TALER_DENOMINATION_INVALID == wi->denom_sig.cipher)
     {
       struct TALER_CRYPTO_SignFailure sf = {
         .header.size = htons (sizeof (sf)),
@@ -605,10 +605,10 @@ handle_done (void *cls)
       size_t buf_size;
       size_t tsize;
 
-      buf_size = GNUNET_CRYPTO_rsa_signature_encode (wi->rsa_signature,
-                                                     &buf);
-      GNUNET_CRYPTO_rsa_signature_free (wi->rsa_signature);
-      wi->rsa_signature = NULL;
+      buf_size = GNUNET_CRYPTO_rsa_signature_encode (
+        wi->denom_sig.details.blinded_rsa_signature,
+        &buf);
+      TALER_blinded_denom_sig_free (&wi->denom_sig);
       tsize = sizeof (*sr) + buf_size;
       GNUNET_assert (tsize < UINT16_MAX);
       sr = GNUNET_malloc (tsize);
@@ -844,19 +844,17 @@ setup_key (struct DenominationKey *dk,
   size_t buf_size;
   void *buf;
 
-  priv.cipher = TALER_DENOMINATION_RSA;
-  priv.details.rsa_private_key
-    = GNUNET_CRYPTO_rsa_private_key_create (denom->rsa_keysize);
-  if (NULL == priv.details.rsa_private_key)
+  if (GNUNET_OK !=
+      TALER_denom_priv_create (&priv,
+                               &pub,
+                               TALER_DENOMINATION_RSA,
+                               (unsigned int) denom->rsa_keysize))
   {
     GNUNET_break (0);
     GNUNET_SCHEDULER_shutdown ();
     global_ret = 40;
     return GNUNET_SYSERR;
   }
-  TALER_denom_priv_to_pub (&priv,
-                           0 /* FIXME-Oec */,
-                           &pub);
   buf_size = GNUNET_CRYPTO_rsa_private_key_encode 
(priv.details.rsa_private_key,
                                                    &buf);
   TALER_denom_pub_hash (&pub,
@@ -899,8 +897,8 @@ setup_key (struct DenominationKey *dk,
   {
     GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
                 "Duplicate private key created! Terminating.\n");
-    GNUNET_CRYPTO_rsa_private_key_free 
(dk->denom_priv.details.rsa_private_key);
-    GNUNET_CRYPTO_rsa_public_key_free (dk->denom_pub.details.rsa_public_key);
+    TALER_denom_priv_free (&dk->denom_priv);
+    TALER_denom_pub_free (&dk->denom_pub);
     GNUNET_free (dk->filename);
     GNUNET_free (dk);
     return GNUNET_SYSERR;
@@ -1261,7 +1259,7 @@ purge_key (struct DenominationKey *dk)
     dk->purge = true;
     return;
   }
-  GNUNET_CRYPTO_rsa_private_key_free (dk->denom_priv.details.rsa_private_key);
+  TALER_denom_priv_free (&dk->denom_priv);
   GNUNET_free (dk);
 }
 
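Review bot: On the final path of purge_key only `dk->denom_priv` is released before `GNUNET_free (dk)`, whereas free_dk in this same file also calls `TALER_denom_pub_free (&dk->denom_pub)`. If the public key is not freed in the part of purge_key above this hunk, it leaks here. Adding `TALER_denom_pub_free (&dk->denom_pub);` next to the private-key free would match free_dk. The start of the function is outside the hunk, so this needs checking against the full body.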
@@ -1447,8 +1445,8 @@ parse_key (struct Denomination *denom,
                   "Duplicate private key %s detected in file `%s'. 
Skipping.\n",
                   GNUNET_h2s (&dk->h_denom_pub.hash),
                   filename);
-      GNUNET_CRYPTO_rsa_private_key_free (priv.details.rsa_private_key);
-      GNUNET_CRYPTO_rsa_public_key_free (pub.details.rsa_public_key);
+      TALER_denom_priv_free (&priv);
+      TALER_denom_pub_free (&pub);
       GNUNET_free (dk);
       return;
     }
diff --git a/src/util/test_crypto.c b/src/util/test_crypto.c
index 653df86f..416ca5e2 100644
--- a/src/util/test_crypto.c
+++ b/src/util/test_crypto.c
@@ -92,12 +92,11 @@ test_planchets (void)
   struct TALER_FreshCoin coin;
   struct TALER_CoinPubHash c_hash;
 
-  dk_priv.cipher = TALER_DENOMINATION_RSA;
-  dk_priv.details.rsa_private_key
-    = GNUNET_CRYPTO_rsa_private_key_create (1024);
-  TALER_denom_priv_to_pub (&dk_priv,
-                           0,
-                           &dk_pub);
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_denom_priv_create (&dk_priv,
+                                          &dk_pub,
+                                          TALER_DENOMINATION_RSA,
+                                          1024));
   TALER_planchet_setup_random (&ps);
   GNUNET_assert (GNUNET_OK ==
                  TALER_planchet_prepare (&dk_pub,

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


