
[taler-exchange] 81/130: more RSA cleanup


From: gnunet
Subject: [taler-exchange] 81/130: more RSA cleanup
Date: Wed, 17 Nov 2021 12:25:29 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository exchange.

commit 938e2ce39c56ae5afc6c12f15be8f49c7edbf2fd
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Nov 6 16:04:26 2021 +0100

    more RSA cleanup
---
 src/benchmark/taler-aggregator-benchmark.c   |  33 +++++++--
 src/exchangedb/test_exchangedb.c             | 102 ++++++++++++++++++---------
 src/testing/testing_api_cmd_insert_deposit.c |  34 +++++++--
 src/util/denom.c                             |   2 +
 4 files changed, 123 insertions(+), 48 deletions(-)

diff --git a/src/benchmark/taler-aggregator-benchmark.c 
b/src/benchmark/taler-aggregator-benchmark.c
index 35d6af6f..c49f8473 100644
--- a/src/benchmark/taler-aggregator-benchmark.c
+++ b/src/benchmark/taler-aggregator-benchmark.c
@@ -480,10 +480,14 @@ run (void *cls,
                                   GNUNET_TIME_UNIT_YEARS));
   {
     struct TALER_DenominationPrivateKey pk;
-    struct GNUNET_HashCode hc;
     struct TALER_DenominationPublicKey denom_pub;
+    struct TALER_CoinPubHash c_hash;
+    struct TALER_PlanchetDetail pd;
+    struct TALER_BlindedDenominationSignature bds;
+    union TALER_DenominationBlindingKeyP bks;
+    struct TALER_CoinSpendPublicKeyP coin_pub;
 
-    RANDOMIZE (&hc);
+    RANDOMIZE (&coin_pub);
     GNUNET_assert (GNUNET_OK ==
                    TALER_denom_priv_create (&pk,
                                             &denom_pub,
@@ -507,10 +511,27 @@ run (void *cls,
       global_ret = EXIT_FAILURE;
       return;
     }
-    denom_sig.cipher = TALER_DENOMINATION_RSA;
-    denom_sig.details.rsa_signature
-      = GNUNET_CRYPTO_rsa_sign_fdh (pk.details.rsa_private_key,
-                                    &hc);
+
+    TALER_blinding_secret_create (&bks);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_blind (&denom_pub,
+                                      &bks,
+                                      &coin_pub,
+                                      &c_hash,
+                                      &pd.coin_ev,
+                                      &pd.coin_ev_size));
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_sign_blinded (&bds,
+                                             &pk,
+                                             pd.coin_ev,
+                                             pd.coin_ev_size));
+    GNUNET_free (pd.coin_ev);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_sig_unblind (&denom_sig,
+                                            &bds,
+                                            &bks,
+                                            &denom_pub));
+    TALER_blinded_denom_sig_free (&bds);
     TALER_denom_pub_free (&denom_pub);
     TALER_denom_priv_free (&pk);
   }
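Review bot: The blind, sign, unblind sequence added here is repeated almost line for line in insert_deposit_run() in src/testing/testing_api_cmd_insert_deposit.c and, split across two blocks, in run() in src/exchangedb/test_exchangedb.c. A single test helper that takes the denomination key pair and the coin public key and returns the unblinded signature would keep the copies from drifting, and would give one place that frees `pd.coin_ev` and `bds`. In this hunk and in insert_deposit_run() `c_hash` is written by `TALER_denom_blind` but never read; a comment such as `/* c_hash is a mandatory output of TALER_denom_blind(); not needed here */` would mark that as intentional. The enclosing block of run() opens in the previous hunk.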
diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c
index a1ecfe3d..691639b2 100644
--- a/src/exchangedb/test_exchangedb.c
+++ b/src/exchangedb/test_exchangedb.c
@@ -312,9 +312,9 @@ static struct TALER_Amount amount_with_fee;
 #define MELT_NOREVEAL_INDEX 1
 
 /**
- * How big do we make the coin envelopes?
+ * How big do we make the RSA keys?
  */
-#define COIN_ENC_MAX_SIZE 512
+#define RSA_KEY_SIZE 1024
 
 static struct TALER_EXCHANGEDB_RefreshRevealedCoin *revealed_coins;
 
@@ -609,12 +609,11 @@ test_melting (void)
   for (unsigned int cnt = 0; cnt < MELT_NEW_COINS; cnt++)
   {
     struct TALER_EXCHANGEDB_RefreshRevealedCoin *ccoin;
-    struct TALER_BlindedCoinHash hc;
     struct GNUNET_TIME_Absolute now;
 
     now = GNUNET_TIME_absolute_get ();
     GNUNET_TIME_round_abs (&now);
-    new_dkp[cnt] = create_denom_key_pair (1024,
+    new_dkp[cnt] = create_denom_key_pair (RSA_KEY_SIZE,
                                           now,
                                           &value,
                                           &fee_withdraw,
@@ -626,17 +625,17 @@ test_melting (void)
     ccoin = &revealed_coins[cnt];
     ccoin->coin_ev_size = (size_t) GNUNET_CRYPTO_random_u64 (
       GNUNET_CRYPTO_QUALITY_WEAK,
-      COIN_ENC_MAX_SIZE);
+      (RSA_KEY_SIZE / 8) - 1);
     ccoin->coin_ev = GNUNET_malloc (ccoin->coin_ev_size);
     GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                                 ccoin->coin_ev,
                                 ccoin->coin_ev_size);
-    RND_BLK (&hc);
     ccoin->denom_pub = new_dkp[cnt]->pub;
-    ccoin->coin_sig.cipher = TALER_DENOMINATION_RSA;
-    ccoin->coin_sig.details.blinded_rsa_signature
-      = GNUNET_CRYPTO_rsa_sign_fdh (new_dkp[cnt]->priv.details.rsa_private_key,
-                                    &hc.hash);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_sign_blinded (&ccoin->coin_sig,
+                                             &new_dkp[cnt]->priv,
+                                             ccoin->coin_ev,
+                                             ccoin->coin_ev_size));
   }
   RND_BLK (&tprivs);
   RND_BLK (&tpub);
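Review bot: `ccoin->coin_ev_size` can come out as 0, because GNUNET_CRYPTO_random_u64() draws from [0, max), and that empty buffer is now handed to `TALER_denom_sign_blinded` inside a `GNUNET_assert`. Whether signing a zero-length envelope succeeds is not visible from this hunk, so the test may abort intermittently; drawing the size as `1 + GNUNET_CRYPTO_random_u64 (GNUNET_CRYPTO_QUALITY_WEAK, (RSA_KEY_SIZE / 8) - 1)` keeps it at 1 to 127 bytes. The bound `(RSA_KEY_SIZE / 8) - 1` also deserves a comment; presumably it keeps the random envelope numerically below the RSA modulus, e.g. `/* one byte shorter than the modulus so the random value is always < n */`. The loop body starts in the previous hunk.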
@@ -658,8 +657,6 @@ test_melting (void)
                                       &refresh_session.rc,
                                       &check_refresh_reveal_cb,
                                       NULL));
-
-
   qs = plugin->get_link_data (plugin->cls,
                               &refresh_session.coin.coin_pub,
                               &handle_link_data_cb,
@@ -1027,7 +1024,7 @@ test_gc (void)
                                         GNUNET_TIME_relative_multiply (
                                           GNUNET_TIME_UNIT_HOURS,
                                           4));
-  dkp = create_denom_key_pair (1024,
+  dkp = create_denom_key_pair (RSA_KEY_SIZE,
                                past,
                                &value,
                                &fee_withdraw,
@@ -1463,7 +1460,6 @@ run (void *cls)
   struct TALER_ReservePublicKeyP reserve_pub;
   struct TALER_ReservePublicKeyP reserve_pub2;
   struct DenomKeyPair *dkp;
-  struct TALER_DenominationHash dkp_pub_hash;
   struct TALER_MasterSignatureP master_sig;
   struct TALER_EXCHANGEDB_CollectableBlindcoin cbc;
   struct TALER_EXCHANGEDB_CollectableBlindcoin cbc2;
@@ -1483,6 +1479,8 @@ run (void *cls)
   enum GNUNET_DB_QueryStatus qs;
   struct GNUNET_TIME_Absolute now;
   struct TALER_WireSalt salt;
+  union TALER_DenominationBlindingKeyP bks;
+  struct TALER_CoinPubHash c_hash;
 
   dkp = NULL;
   rh = NULL;
@@ -1590,7 +1588,7 @@ run (void *cls)
   result = 5;
   now = GNUNET_TIME_absolute_get ();
   (void) GNUNET_TIME_round_abs (&now);
-  dkp = create_denom_key_pair (1024,
+  dkp = create_denom_key_pair (RSA_KEY_SIZE,
                                now,
                                &value,
                                &fee_withdraw,
@@ -1599,14 +1597,31 @@ run (void *cls)
                                &fee_refund);
   GNUNET_assert (NULL != dkp);
   TALER_denom_pub_hash (&dkp->pub,
-                        &dkp_pub_hash);
-  RND_BLK (&cbc.h_coin_envelope);
+                        &cbc.denom_pub_hash);
   RND_BLK (&cbc.reserve_sig);
-  cbc.denom_pub_hash = dkp_pub_hash;
-  cbc.sig.cipher = TALER_DENOMINATION_RSA;
-  cbc.sig.details.blinded_rsa_signature
-    = GNUNET_CRYPTO_rsa_sign_fdh (dkp->priv.details.rsa_private_key,
-                                  &cbc.h_coin_envelope.hash);
+  {
+    struct TALER_PlanchetDetail pd;
+    struct TALER_CoinSpendPublicKeyP coin_pub;
+
+    RND_BLK (&coin_pub);
+    TALER_blinding_secret_create (&bks);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_blind (&dkp->pub,
+                                      &bks,
+                                      &coin_pub,
+                                      &c_hash,
+                                      &pd.coin_ev,
+                                      &pd.coin_ev_size));
+    TALER_coin_ev_hash (pd.coin_ev,
+                        pd.coin_ev_size,
+                        &cbc.h_coin_envelope);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_sign_blinded (&cbc.sig,
+                                             &dkp->priv,
+                                             pd.coin_ev,
+                                             pd.coin_ev_size));
+    GNUNET_free (pd.coin_ev);
+  }
   cbc.reserve_pub = reserve_pub;
   cbc.amount_with_fee = value;
   GNUNET_assert (GNUNET_OK ==
@@ -1636,20 +1651,32 @@ run (void *cls)
   FAILIF (0 != GNUNET_memcmp (&cbc2.reserve_pub,
                               &cbc.reserve_pub));
   result = 6;
-  FAILIF (GNUNET_OK !=
-          GNUNET_CRYPTO_rsa_verify (&cbc.h_coin_envelope.hash,
-                                    cbc2.sig.details.blinded_rsa_signature,
-                                    dkp->pub.details.rsa_public_key));
 
+  {
+    struct TALER_DenominationSignature ds;
+
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_sig_unblind (&ds,
+                                            &cbc2.sig,
+                                            &bks,
+                                            &dkp->pub));
+    FAILIF (GNUNET_OK !=
+            TALER_denom_pub_verify (&dkp->pub,
+                                    &ds,
+                                    &c_hash));
+  }
 
   RND_BLK (&coin_sig);
   RND_BLK (&coin_blind);
   RND_BLK (&deposit.coin.coin_pub);
   TALER_denom_pub_hash (&dkp->pub,
                         &deposit.coin.denom_pub_hash);
-  deposit.coin.denom_sig.cipher = TALER_DENOMINATION_RSA;
-  deposit.coin.denom_sig.details.rsa_signature =
-    cbc.sig.details.blinded_rsa_signature;
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_denom_sig_unblind (&deposit.coin.denom_sig,
+                                          &cbc.sig,
+                                          &bks,
+                                          &dkp->pub));
+
   deadline = GNUNET_TIME_absolute_get ();
   (void) GNUNET_TIME_round_abs (&deadline);
   FAILIF (TALER_EXCHANGEDB_CKS_ADDED !=
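Review bot: The temporary `ds` filled by `TALER_denom_sig_unblind` in the new block is never released: the block closes right after the `FAILIF`, and a failing `FAILIF` leaves the block (to `drop:`, as the later hunk suggests) with `ds` out of scope. Store the result of `TALER_denom_pub_verify` in a local, call `TALER_denom_sig_free (&ds);`, and only then run the `FAILIF` on the stored result, so both the success and the failure path free the signature. This is a test, so the impact is limited to leak-checker noise, but the same commit is careful to free `deposit.coin.denom_sig` elsewhere.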
@@ -1800,16 +1827,20 @@ run (void *cls)
                                                       NULL));
   FAILIF (3 != auditor_row_cnt);
 
+
   /* Tests for deposits */
+  TALER_denom_sig_free (&deposit.coin.denom_sig);
   memset (&deposit,
           0,
           sizeof (deposit));
   RND_BLK (&deposit.coin.coin_pub);
   TALER_denom_pub_hash (&dkp->pub,
                         &deposit.coin.denom_pub_hash);
-  deposit.coin.denom_sig.cipher = TALER_DENOMINATION_RSA;
-  deposit.coin.denom_sig.details.rsa_signature =
-    cbc.sig.details.blinded_rsa_signature;
+  GNUNET_assert (GNUNET_OK ==
+                 TALER_denom_sig_unblind (&deposit.coin.denom_sig,
+                                          &cbc.sig,
+                                          &bks,
+                                          &dkp->pub));
   RND_BLK (&deposit.csig);
   RND_BLK (&deposit.merchant_pub);
   RND_BLK (&deposit.h_contract_terms);
@@ -1969,7 +2000,7 @@ run (void *cls)
   RND_BLK (&master_sig);
   FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
           plugin->insert_denomination_revocation (plugin->cls,
-                                                  &dkp_pub_hash,
+                                                  &cbc.denom_pub_hash,
                                                   &master_sig));
   FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS !=
           plugin->commit (plugin->cls));
@@ -1979,7 +2010,7 @@ run (void *cls)
                          "test-4"));
   FAILIF (GNUNET_DB_STATUS_SUCCESS_NO_RESULTS !=
           plugin->insert_denomination_revocation (plugin->cls,
-                                                  &dkp_pub_hash,
+                                                  &cbc.denom_pub_hash,
                                                   &master_sig));
   plugin->rollback (plugin->cls);
   plugin->preflight (plugin->cls);
@@ -1992,7 +2023,7 @@ run (void *cls)
 
     FAILIF (GNUNET_DB_STATUS_SUCCESS_ONE_RESULT !=
             plugin->get_denomination_revocation (plugin->cls,
-                                                 &dkp_pub_hash,
+                                                 &cbc.denom_pub_hash,
                                                  &msig,
                                                  &rev_rowid));
     FAILIF (0 != GNUNET_memcmp (&msig,
@@ -2143,6 +2174,7 @@ drop:
                 plugin->drop_tables (plugin->cls));
   if (NULL != dkp)
     destroy_denom_key_pair (dkp);
+  TALER_denom_sig_free (&deposit.coin.denom_sig);
   TALER_blinded_denom_sig_free (&cbc.sig);
   TALER_blinded_denom_sig_free (&cbc2.sig);
   dkp = NULL;
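Review bot: The added `TALER_denom_sig_free (&deposit.coin.denom_sig);` under `drop:` runs on every `FAILIF` exit, including those taken before `deposit` is first filled in. That is only safe if `deposit` is zeroed near the top of run(), which is outside this hunk, and if `TALER_denom_sig_free` accepts a zeroed struct the way `TALER_blinded_denom_sig_free` does after this commit's change to src/util/denom.c. If either is not the case, this frees an uninitialized pointer on early failures. It would help to confirm both and add a comment here, for example `/* deposit is zero-initialized above, so this is a no-op on early failure */`.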
diff --git a/src/testing/testing_api_cmd_insert_deposit.c 
b/src/testing/testing_api_cmd_insert_deposit.c
index 88ced9c2..10d33fde 100644
--- a/src/testing/testing_api_cmd_insert_deposit.c
+++ b/src/testing/testing_api_cmd_insert_deposit.c
@@ -138,7 +138,6 @@ insert_deposit_run (void *cls,
   struct TALER_EXCHANGEDB_DenominationKeyInformationP issue;
   struct TALER_DenominationPublicKey dpk;
   struct TALER_DenominationPrivateKey denom_priv;
-  struct GNUNET_HashCode hc;
 
   // prepare and store issue first.
   fake_issue (&issue);
@@ -201,12 +200,33 @@ insert_deposit_run (void *cls,
   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_WEAK,
                               &deposit.coin.coin_pub,
                               sizeof (deposit.coin.coin_pub));
-  GNUNET_CRYPTO_hash_create_random (GNUNET_CRYPTO_QUALITY_WEAK,
-                                    &hc);
-  deposit.coin.denom_sig.cipher = TALER_DENOMINATION_RSA;
-  deposit.coin.denom_sig.details.rsa_signature
-    = GNUNET_CRYPTO_rsa_sign_fdh (denom_priv.details.rsa_private_key,
-                                  &hc);
+  {
+    struct TALER_CoinPubHash c_hash;
+    struct TALER_PlanchetDetail pd;
+    struct TALER_BlindedDenominationSignature bds;
+    union TALER_DenominationBlindingKeyP bks;
+
+    TALER_blinding_secret_create (&bks);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_blind (&dpk,
+                                      &bks,
+                                      &deposit.coin.coin_pub,
+                                      &c_hash,
+                                      &pd.coin_ev,
+                                      &pd.coin_ev_size));
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_sign_blinded (&bds,
+                                             &denom_priv,
+                                             pd.coin_ev,
+                                             pd.coin_ev_size));
+    GNUNET_free (pd.coin_ev);
+    GNUNET_assert (GNUNET_OK ==
+                   TALER_denom_sig_unblind (&deposit.coin.denom_sig,
+                                            &bds,
+                                            &bks,
+                                            &dpk));
+    TALER_blinded_denom_sig_free (&bds);
+  }
   GNUNET_asprintf (&deposit.receiver_wire_account,
                    "payto://x-taler-bank/localhost/%s",
                    ids->merchant_account);
diff --git a/src/util/denom.c b/src/util/denom.c
index d159b21b..cdcfc5c3 100644
--- a/src/util/denom.c
+++ b/src/util/denom.c
@@ -353,6 +353,8 @@ TALER_blinded_denom_sig_free (
 {
   switch (denom_sig->cipher)
   {
+  case TALER_DENOMINATION_INVALID:
+    return;
   case TALER_DENOMINATION_RSA:
     if (NULL != denom_sig->details.blinded_rsa_signature)
     {
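Review bot: The new `case TALER_DENOMINATION_INVALID: return;` has no comment saying why an invalid cipher is accepted silently rather than hitting whatever the default branch does. From the callers in this commit it looks like the intent is to make freeing a zero-initialized or never-signed struct a no-op; a comment such as `/* zeroed / never signed: nothing to free */` would record that. If so, `TALER_denom_sig_free` needs the same case, since test_exchangedb.c now calls it from its `drop:` label; that function is not part of this diff. The function body continues past the end of the hunk.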
