[Taler] FDH

[Jeff Burdges]

Florian,

I've committed an implementation of a Full Domain Hash (FDH) to GNUNet,
which results in a slight API change for Taler : 

I renamed  GNUNET_CRYPTO_rsa_sign  to  GNUNET_CRYPTO_rsa_sign_blinded
because computing the FDH on the GNUNet side meant separating out the
regular RSA signature call as  GNUNET_CRYPTO_rsa_sign_fdh.  Afaik, we
never sign anything besides a coin with an RSA key, so you won't need
that new function, but GNUNet runs it during tests.  I could push this
change to the exchange myself, but I figured telling you was wise. 

You should continue using the ordinary hash exactly as you're currently
using it, as doing the hash twice like this gives us almost an HMAC. 

Christian,

I've simplified  crypto_rsa.c  slightly by passing around values of type
gcry_mpi_t  directly instead of encoding them.  There is one helper
routine that releases a  gcry_mpi_t  that was passed in, probably that's
fine, but some might find it unsightly. 

Amusingly, these changes fix an intermittent bug with 512 bit RSA keys
when the hash's value exceeds n.  I wouldn't expect anyone to ever use
512 bit keys, but maybe some non-financial situation with very short
lived keys.

Jeff

signature.asc
Description: This is a digitally signed message part