LCOV - code coverage report
Current view: top level - util - crypto.c (source / functions) Hit Total Coverage
Test: rcoverage.info Lines: 31 38 81.6 %
Date: 2017-09-17 17:24:28 Functions: 6 7 85.7 %

          Line data    Source code
       1             : /*
       2             :   This file is part of TALER
       3             :   Copyright (C) 2014, 2015 GNUnet e.V.
       4             : 
       5             :   TALER is free software; you can redistribute it and/or modify it under the
       6             :   terms of the GNU General Public License as published by the Free Software
       7             :   Foundation; either version 3, or (at your option) any later version.
       8             : 
       9             :   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
      10             :   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
      11             :   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
      12             : 
      13             :   You should have received a copy of the GNU General Public License along with
      14             :   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
      15             : */
      16             : /**
      17             :  * @file util/crypto.c
      18             :  * @brief Cryptographic utility functions
      19             :  * @author Sree Harsha Totakura <sreeharsha@totakura.in>
      20             :  * @author Florian Dold
      21             :  * @author Benedikt Mueller
      22             :  * @author Christian Grothoff
      23             :  */
      24             : #include "platform.h"
      25             : 
      26             : #if HAVE_GNUNET_GNUNET_UTIL_TALER_WALLET_LIB_H
      27             : #include "taler_util_wallet.h"
      28             : #endif
      29             : #if HAVE_GNUNET_GNUNET_UTIL_LIB_H
      30             : #include "taler_util.h"
      31             : #endif
      32             : #include <gcrypt.h>
      33             : 
      34             : 
      35             : /**
      36             :  * Function called by libgcrypt on serious errors.
      37             :  * Prints an error message and aborts the process.
      38             :  *
      39             :  * @param cls NULL
      40             :  * @param wtf unknown
      41             :  * @param msg error message
      42             :  */
      43             : static void
      44           0 : fatal_error_handler (void *cls,
      45             :                      int wtf,
      46             :                      const char *msg)
      47             : {
      48           0 :   fprintf (stderr,
      49             :            "Fatal error in libgcrypt: %s\n",
      50             :            msg);
      51           0 :   abort();
      52             : }
      53             : 
      54             : 
      55             : /**
      56             :  * Initialize libgcrypt.
      57             :  */
      58             : void  __attribute__ ((constructor))
      59          66 : TALER_gcrypt_init ()
      60             : {
      61          66 :   gcry_set_fatalerror_handler (&fatal_error_handler,
      62             :                                NULL);
      63          66 :   if (! gcry_check_version (NEED_LIBGCRYPT_VERSION))
      64             :   {
      65           0 :     fprintf (stderr,
      66             :              "libgcrypt version mismatch\n");
      67           0 :     abort ();
      68             :   }
      69             :   /* Disable secure memory.  */
      70          66 :   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
      71          66 :   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
      72          66 : }
      73             : 
      74             : 
      75             : /**
      76             :  * Check if a coin is valid; that is, whether the denomination key exists,
      77             :  * is not expired, and the signature is correct.
      78             :  *
      79             :  * @param coin_public_info the coin public info to check for validity
      80             :  * @return #GNUNET_YES if the coin is valid,
      81             :  *         #GNUNET_NO if it is invalid
      82             :  *         #GNUNET_SYSERR if an internal error occured
      83             :  */
      84             : int
      85          27 : TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info)
      86             : {
      87             :   struct GNUNET_HashCode c_hash;
      88             : 
      89          27 :   GNUNET_CRYPTO_hash (&coin_public_info->coin_pub,
      90             :                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
      91             :                       &c_hash);
      92          27 :   if (GNUNET_OK !=
      93          27 :       GNUNET_CRYPTO_rsa_verify (&c_hash,
      94          27 :                                 coin_public_info->denom_sig.rsa_signature,
      95          27 :                                 coin_public_info->denom_pub.rsa_public_key))
      96             :   {
      97           0 :     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
      98             :                 "coin signature is invalid\n");
      99           0 :     return GNUNET_NO;
     100             :   }
     101          27 :   return GNUNET_YES;
     102             : }
     103             : 
     104             : 
     105             : /**
     106             :  * Given the coin and the transfer private keys, compute the
     107             :  * transfer secret.  (Technically, we only need one of the two
     108             :  * private keys, but the caller currently trivially only has
     109             :  * the two private keys, so we derive one of the public keys
     110             :  * internally to this function.)
     111             :  *
     112             :  * @param coin_priv coin key
     113             :  * @param trans_priv transfer private key
     114             :  * @param[out] ts computed transfer secret
     115             :  */
     116             : void
     117           7 : TALER_link_derive_transfer_secret (const struct TALER_CoinSpendPrivateKeyP *coin_priv,
     118             :                                    const struct TALER_TransferPrivateKeyP *trans_priv,
     119             :                                    struct TALER_TransferSecretP *ts)
     120             : {
     121             :   struct TALER_CoinSpendPublicKeyP coin_pub;
     122             : 
     123           7 :   GNUNET_CRYPTO_eddsa_key_get_public (&coin_priv->eddsa_priv,
     124             :                                       &coin_pub.eddsa_pub);
     125           7 :   GNUNET_assert (GNUNET_OK ==
     126             :                  GNUNET_CRYPTO_ecdh_eddsa (&trans_priv->ecdhe_priv,
     127             :                                            &coin_pub.eddsa_pub,
     128             :                                            &ts->key));
     129             : 
     130           7 : }
     131             : 
     132             : 
     133             : /**
     134             :  * Decrypt the shared @a secret from the information in the
     135             :  * @a trans_priv and @a coin_pub.
     136             :  *
     137             :  * @param trans_priv transfer private key
     138             :  * @param coin_pub coin public key
     139             :  * @param[out] transfer_secret set to the shared secret
     140             :  */
     141             : void
     142           5 : TALER_link_reveal_transfer_secret (const struct TALER_TransferPrivateKeyP *trans_priv,
     143             :                                    const struct TALER_CoinSpendPublicKeyP *coin_pub,
     144             :                                    struct TALER_TransferSecretP *transfer_secret)
     145             : {
     146           5 :   GNUNET_assert (GNUNET_OK ==
     147             :                  GNUNET_CRYPTO_ecdh_eddsa (&trans_priv->ecdhe_priv,
     148             :                                            &coin_pub->eddsa_pub,
     149             :                                            &transfer_secret->key));
     150           5 : }
     151             : 
     152             : 
     153             : /**
     154             :  * Decrypt the shared @a secret from the information in the
     155             :  * @a trans_priv and @a coin_pub.
     156             :  *
     157             :  * @param trans_pub transfer private key
     158             :  * @param coin_priv coin public key
     159             :  * @param[out] transfer_secret set to the shared secret
     160             :  */
     161             : void
     162          18 : TALER_link_recover_transfer_secret (const struct TALER_TransferPublicKeyP *trans_pub,
     163             :                                     const struct TALER_CoinSpendPrivateKeyP *coin_priv,
     164             :                                     struct TALER_TransferSecretP *transfer_secret)
     165             : {
     166          18 :   GNUNET_assert (GNUNET_OK ==
     167             :                  GNUNET_CRYPTO_eddsa_ecdh (&coin_priv->eddsa_priv,
     168             :                                            &trans_pub->ecdhe_pub,
     169             :                                            &transfer_secret->key));
     170          18 : }
     171             : 
     172             : 
     173             : /**
     174             :  * Setup information for a fresh coin.
     175             :  *
     176             :  * @param secret_seed seed to use for KDF to derive coin keys
     177             :  * @param coin_num_salt number of the coin to include in KDF
     178             :  * @param[out] fc value to initialize
     179             :  */
     180             : void
     181         189 : TALER_setup_fresh_coin (const struct TALER_TransferSecretP *secret_seed,
     182             :                         unsigned int coin_num_salt,
     183             :                         struct TALER_FreshCoinP *fc)
     184             : {
     185         189 :   uint32_t be_salt = htonl (coin_num_salt);
     186             :   uint8_t *p;
     187             : 
     188         189 :   GNUNET_assert (GNUNET_OK ==
     189             :                  GNUNET_CRYPTO_kdf (fc,
     190             :                                     sizeof (*fc),
     191             :                                     &be_salt,
     192             :                                     sizeof (be_salt),
     193             :                                     secret_seed,
     194             :                                     sizeof (*secret_seed),
     195             :                                     "taler-coin-derivation",
     196             :                                     strlen ("taler-coin-derivation"),
     197             :                                     NULL, 0));
     198             : 
     199             :   /* Taken from like 170-172 of libgcrypt/cipher/ecc.c
     200             :    * We note that libgcrypt stores the private key in the reverse order
     201             :    * from many Ed25519 implementatons. */
     202         189 :   p = (uint8_t *) &(fc->coin_priv);
     203         189 :   p[0] &= 0x7f;  /* Clear bit 255. */
     204         189 :   p[0] |= 0x40;  /* Set bit 254.   */
     205         189 :   p[31] &= 0xf8; /* Clear bits 2..0 so that d mod 8 == 0  */
     206             : 
     207             :   /* FIXME: Run GNUNET_CRYPTO_ecdhe_key_create several times and inspect
     208             :    * the output to verify that the same bits are set and cleared.
     209             :    * Is it worth also adding a test case that runs gcry_pk_testkey on
     210             :    * this key after first parsing it into libgcrypt's s-expression mess
     211             :    * ala decode_private_eddsa_key from gnunet/src/util/crypto_ecc.c?
     212             :    * It'd run check_secret_key but not test_keys from libgcrypt/cipher/ecc.c */
     213         189 : }
     214             : 
     215             : 
     216             : 
     217             : 
     218             : /* end of crypto.c */

Generated by: LCOV version 1.13