LCOV - code coverage report
Current view: top level - util - crypto.c (source / functions) Hit Total Coverage
Test: GNU Taler exchange coverage report Lines: 75 85 88.2 %
Date: 2021-08-30 06:43:37 Functions: 12 13 92.3 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /*
       2             :   This file is part of TALER
       3             :   Copyright (C) 2014-2017 Taler Systems SA
       4             : 
       5             :   TALER is free software; you can redistribute it and/or modify it under the
       6             :   terms of the GNU General Public License as published by the Free Software
       7             :   Foundation; either version 3, or (at your option) any later version.
       8             : 
       9             :   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
      10             :   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
      11             :   A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
      12             : 
      13             :   You should have received a copy of the GNU General Public License along with
      14             :   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
      15             : */
      16             : /**
      17             :  * @file util/crypto.c
      18             :  * @brief Cryptographic utility functions
      19             :  * @author Sree Harsha Totakura <sreeharsha@totakura.in>
      20             :  * @author Florian Dold
      21             :  * @author Benedikt Mueller
      22             :  * @author Christian Grothoff
      23             :  */
      24             : #include "platform.h"
      25             : #include "taler_util.h"
      26             : #include <gcrypt.h>
      27             : 
      28             : 
      29             : /**
      30             :  * Function called by libgcrypt on serious errors.
      31             :  * Prints an error message and aborts the process.
      32             :  *
      33             :  * @param cls NULL
      34             :  * @param wtf unknown
      35             :  * @param msg error message
      36             :  */
      37             : static void
      38           0 : fatal_error_handler (void *cls,
      39             :                      int wtf,
      40             :                      const char *msg)
      41             : {
      42             :   (void) cls;
      43             :   (void) wtf;
      44           0 :   fprintf (stderr,
      45             :            "Fatal error in libgcrypt: %s\n",
      46             :            msg);
      47           0 :   abort ();
      48             : }
      49             : 
      50             : 
      51             : /**
      52             :  * Initialize libgcrypt.
      53             :  */
      54             : void __attribute__ ((constructor))
      55         807 : TALER_gcrypt_init ()
      56             : {
      57         807 :   gcry_set_fatalerror_handler (&fatal_error_handler,
      58             :                                NULL);
      59         807 :   if (! gcry_check_version (NEED_LIBGCRYPT_VERSION))
      60             :   {
      61           0 :     fprintf (stderr,
      62             :              "libgcrypt version mismatch\n");
      63           0 :     abort ();
      64             :   }
      65             :   /* Disable secure memory (we should never run on a system that
      66             :      even uses swap space for memory). */
      67         807 :   gcry_control (GCRYCTL_DISABLE_SECMEM, 0);
      68         807 :   gcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
      69         807 : }
      70             : 
      71             : 
      72             : enum GNUNET_GenericReturnValue
      73         546 : TALER_test_coin_valid (const struct TALER_CoinPublicInfo *coin_public_info,
      74             :                        const struct TALER_DenominationPublicKey *denom_pub)
      75             : {
      76             :   struct GNUNET_HashCode c_hash;
      77             : #if ENABLE_SANITY_CHECKS
      78             :   struct GNUNET_HashCode d_hash;
      79             : 
      80         546 :   GNUNET_CRYPTO_rsa_public_key_hash (denom_pub->rsa_public_key,
      81             :                                      &d_hash);
      82         546 :   GNUNET_assert (0 ==
      83             :                  GNUNET_memcmp (&d_hash,
      84             :                                 &coin_public_info->denom_pub_hash));
      85             : #endif
      86         546 :   GNUNET_CRYPTO_hash (&coin_public_info->coin_pub,
      87             :                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
      88             :                       &c_hash);
      89         546 :   if (GNUNET_OK !=
      90         546 :       GNUNET_CRYPTO_rsa_verify (&c_hash,
      91         546 :                                 coin_public_info->denom_sig.rsa_signature,
      92         546 :                                 denom_pub->rsa_public_key))
      93             :   {
      94           8 :     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
      95             :                 "coin signature is invalid\n");
      96           8 :     return GNUNET_NO;
      97             :   }
      98         538 :   return GNUNET_YES;
      99             : }
     100             : 
     101             : 
     102             : void
     103          58 : TALER_link_derive_transfer_secret (
     104             :   const struct TALER_CoinSpendPrivateKeyP *coin_priv,
     105             :   const struct TALER_TransferPrivateKeyP *trans_priv,
     106             :   struct TALER_TransferSecretP *ts)
     107             : {
     108             :   struct TALER_CoinSpendPublicKeyP coin_pub;
     109             : 
     110          58 :   GNUNET_CRYPTO_eddsa_key_get_public (&coin_priv->eddsa_priv,
     111             :                                       &coin_pub.eddsa_pub);
     112          58 :   GNUNET_assert (GNUNET_OK ==
     113             :                  GNUNET_CRYPTO_ecdh_eddsa (&trans_priv->ecdhe_priv,
     114             :                                            &coin_pub.eddsa_pub,
     115             :                                            &ts->key));
     116             : 
     117          58 : }
     118             : 
     119             : 
     120             : void
     121          15 : TALER_link_reveal_transfer_secret (
     122             :   const struct TALER_TransferPrivateKeyP *trans_priv,
     123             :   const struct TALER_CoinSpendPublicKeyP *coin_pub,
     124             :   struct TALER_TransferSecretP *transfer_secret)
     125             : {
     126          15 :   GNUNET_assert (GNUNET_OK ==
     127             :                  GNUNET_CRYPTO_ecdh_eddsa (&trans_priv->ecdhe_priv,
     128             :                                            &coin_pub->eddsa_pub,
     129             :                                            &transfer_secret->key));
     130          15 : }
     131             : 
     132             : 
     133             : void
     134           5 : TALER_link_recover_transfer_secret (
     135             :   const struct TALER_TransferPublicKeyP *trans_pub,
     136             :   const struct TALER_CoinSpendPrivateKeyP *coin_priv,
     137             :   struct TALER_TransferSecretP *transfer_secret)
     138             : {
     139           5 :   GNUNET_assert (GNUNET_OK ==
     140             :                  GNUNET_CRYPTO_eddsa_ecdh (&coin_priv->eddsa_priv,
     141             :                                            &trans_pub->ecdhe_pub,
     142             :                                            &transfer_secret->key));
     143           5 : }
     144             : 
     145             : 
     146             : void
     147         164 : TALER_planchet_setup_refresh (const struct TALER_TransferSecretP *secret_seed,
     148             :                               uint32_t coin_num_salt,
     149             :                               struct TALER_PlanchetSecretsP *ps)
     150             : {
     151         164 :   uint32_t be_salt = htonl (coin_num_salt);
     152             : 
     153         164 :   GNUNET_assert (GNUNET_OK ==
     154             :                  GNUNET_CRYPTO_kdf (ps,
     155             :                                     sizeof (*ps),
     156             :                                     &be_salt,
     157             :                                     sizeof (be_salt),
     158             :                                     secret_seed,
     159             :                                     sizeof (*secret_seed),
     160             :                                     "taler-coin-derivation",
     161             :                                     strlen ("taler-coin-derivation"),
     162             :                                     NULL, 0));
     163         164 : }
     164             : 
     165             : 
     166             : void
     167          40 : TALER_planchet_setup_random (struct TALER_PlanchetSecretsP *ps)
     168             : {
     169          40 :   GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_STRONG,
     170             :                               ps,
     171             :                               sizeof (*ps));
     172          40 : }
     173             : 
     174             : 
     175             : enum GNUNET_GenericReturnValue
     176         225 : TALER_planchet_prepare (const struct TALER_DenominationPublicKey *dk,
     177             :                         const struct TALER_PlanchetSecretsP *ps,
     178             :                         struct GNUNET_HashCode *c_hash,
     179             :                         struct TALER_PlanchetDetail *pd)
     180             : {
     181             :   struct TALER_CoinSpendPublicKeyP coin_pub;
     182             : 
     183         225 :   GNUNET_CRYPTO_eddsa_key_get_public (&ps->coin_priv.eddsa_priv,
     184             :                                       &coin_pub.eddsa_pub);
     185         225 :   GNUNET_CRYPTO_hash (&coin_pub.eddsa_pub,
     186             :                       sizeof (struct GNUNET_CRYPTO_EcdsaPublicKey),
     187             :                       c_hash);
     188         225 :   if (GNUNET_YES !=
     189         225 :       TALER_rsa_blind (c_hash,
     190             :                        &ps->blinding_key.bks,
     191             :                        dk->rsa_public_key,
     192             :                        &pd->coin_ev,
     193             :                        &pd->coin_ev_size))
     194             :   {
     195           0 :     GNUNET_break_op (0);
     196           0 :     return GNUNET_SYSERR;
     197             :   }
     198         225 :   GNUNET_CRYPTO_rsa_public_key_hash (dk->rsa_public_key,
     199             :                                      &pd->denom_pub_hash);
     200         225 :   return GNUNET_OK;
     201             : }
     202             : 
     203             : 
     204             : enum GNUNET_GenericReturnValue
     205          55 : TALER_planchet_to_coin (const struct TALER_DenominationPublicKey *dk,
     206             :                         const struct GNUNET_CRYPTO_RsaSignature *blind_sig,
     207             :                         const struct TALER_PlanchetSecretsP *ps,
     208             :                         const struct GNUNET_HashCode *c_hash,
     209             :                         struct TALER_FreshCoin *coin)
     210             : {
     211             :   struct GNUNET_CRYPTO_RsaSignature *sig;
     212             : 
     213          55 :   sig = TALER_rsa_unblind (blind_sig,
     214             :                            &ps->blinding_key.bks,
     215             :                            dk->rsa_public_key);
     216          55 :   if (GNUNET_OK !=
     217          55 :       GNUNET_CRYPTO_rsa_verify (c_hash,
     218             :                                 sig,
     219          55 :                                 dk->rsa_public_key))
     220             :   {
     221           0 :     GNUNET_break_op (0);
     222           0 :     GNUNET_CRYPTO_rsa_signature_free (sig);
     223           0 :     return GNUNET_SYSERR;
     224             :   }
     225          55 :   coin->sig.rsa_signature = sig;
     226          55 :   coin->coin_priv = ps->coin_priv;
     227          55 :   return GNUNET_OK;
     228             : }
     229             : 
     230             : 
     231             : void
     232          26 : TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
     233             :                               uint32_t kappa,
     234             :                               uint32_t num_new_coins,
     235             :                               const struct TALER_RefreshCommitmentEntry *rcs,
     236             :                               const struct TALER_CoinSpendPublicKeyP *coin_pub,
     237             :                               const struct TALER_Amount *amount_with_fee)
     238             : {
     239             :   struct GNUNET_HashContext *hash_context;
     240             : 
     241          26 :   hash_context = GNUNET_CRYPTO_hash_context_start ();
     242             :   /* first, iterate over transfer public keys for hash_context */
     243         104 :   for (unsigned int i = 0; i<kappa; i++)
     244             :   {
     245          78 :     GNUNET_CRYPTO_hash_context_read (hash_context,
     246          78 :                                      &rcs[i].transfer_pub,
     247             :                                      sizeof (struct TALER_TransferPublicKeyP));
     248             :   }
     249             :   /* next, add all of the hashes from the denomination keys to the
     250             :      hash_context */
     251          85 :   for (unsigned int i = 0; i<num_new_coins; i++)
     252             :   {
     253             :     void *buf;
     254             :     size_t buf_size;
     255             : 
     256             :     /* The denomination keys should / must all be identical regardless
     257             :        of what offset we use, so we use [0]. */
     258          59 :     GNUNET_assert (kappa > 0); /* sanity check */
     259          59 :     buf_size = GNUNET_CRYPTO_rsa_public_key_encode (
     260          59 :       rcs[0].new_coins[i].dk->rsa_public_key,
     261             :       &buf);
     262          59 :     GNUNET_CRYPTO_hash_context_read (hash_context,
     263             :                                      buf,
     264             :                                      buf_size);
     265          59 :     GNUNET_free (buf);
     266             :   }
     267             : 
     268             :   /* next, add public key of coin and amount being refreshed */
     269             :   {
     270             :     struct TALER_AmountNBO melt_amountn;
     271             : 
     272          26 :     GNUNET_CRYPTO_hash_context_read (hash_context,
     273             :                                      coin_pub,
     274             :                                      sizeof (struct TALER_CoinSpendPublicKeyP));
     275          26 :     TALER_amount_hton (&melt_amountn,
     276             :                        amount_with_fee);
     277          26 :     GNUNET_CRYPTO_hash_context_read (hash_context,
     278             :                                      &melt_amountn,
     279             :                                      sizeof (struct TALER_AmountNBO));
     280             :   }
     281             : 
     282             :   /* finally, add all the envelopes */
     283         104 :   for (unsigned int i = 0; i<kappa; i++)
     284             :   {
     285          78 :     const struct TALER_RefreshCommitmentEntry *rce = &rcs[i];
     286             : 
     287         255 :     for (unsigned int j = 0; j<num_new_coins; j++)
     288             :     {
     289         177 :       const struct TALER_RefreshCoinData *rcd = &rce->new_coins[j];
     290             : 
     291         177 :       GNUNET_CRYPTO_hash_context_read (hash_context,
     292         177 :                                        rcd->coin_ev,
     293             :                                        rcd->coin_ev_size);
     294             :     }
     295             :   }
     296             : 
     297             :   /* Conclude */
     298          26 :   GNUNET_CRYPTO_hash_context_finish (hash_context,
     299             :                                      &rc->session_hash);
     300          26 : }
     301             : 
     302             : 
     303             : enum GNUNET_GenericReturnValue
     304         249 : TALER_rsa_blind (const struct GNUNET_HashCode *hash,
     305             :                  const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
     306             :                  struct GNUNET_CRYPTO_RsaPublicKey *pkey,
     307             :                  void **buf,
     308             :                  size_t *buf_size)
     309             : {
     310         249 :   return GNUNET_CRYPTO_rsa_blind (hash,
     311             :                                   bks,
     312             :                                   pkey,
     313             :                                   buf,
     314             :                                   buf_size);
     315             : }
     316             : 
     317             : 
     318             : struct GNUNET_CRYPTO_RsaSignature *
     319          60 : TALER_rsa_unblind (const struct GNUNET_CRYPTO_RsaSignature *sig,
     320             :                    const struct GNUNET_CRYPTO_RsaBlindingKeySecret *bks,
     321             :                    struct GNUNET_CRYPTO_RsaPublicKey *pkey)
     322             : {
     323          60 :   return GNUNET_CRYPTO_rsa_unblind (sig,
     324             :                                     bks,
     325             :                                     pkey);
     326             : }
     327             : 
     328             : 
     329             : /* end of crypto.c */

Generated by: LCOV version 1.14