| Commit message | Author | Date |
|---|---|---|
| global reindent, now with uncrustify hook enabled | Christian Grothoff | 2019-10-05 |
| uncrustify as demanded. | ng0 | 2019-09-08 |
| src: for every AGPL3.0 file, add SPDX identifier. | ng0 | 2019-01-14 |
| paragraph for gnunet devs that don't know how to use the web | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-07 |
| glitch in the license text detected by hyazinthe, thank you! | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-07 |
| second batch complete. WE ARE AFFERO AGPL NOW! | psyc://loupsycedyglgamf.onion/~lynX | 2018-06-06 |
| fix build for Taler wallet | Christian Grothoff | 2016-10-13 |
| Rework the error handling for `gcd(r,n) != 1` so the Taler wallet can see errors. | Jeff Burdges | 2016-06-08 |
| Use a uniform random number mod an RSA composite for both the blinding factor and the full domain hash. | Jeff Burdges | 2016-05-30 |
| This resolves an attack against the blinding factor in Taler: there was a call to `GNUNET_CRYPTO_kdf` in `bkey = rsa_blinding_key_derive (len, bks);` that gives exactly `len` bits, where `len = GNUNET_CRYPTO_rsa_public_key_len (pkey);`. Now `r = 2^(len-1)/pkey.n` is the probability that a set high bit is okay, meaning `bkey < pkey.n`. It follows that `(1-r)/2` of the time `bkey > pkey.n`, making the effective bkey be `bkey mod pkey.n = bkey - pkey.n`, so the effective bkey has its high bit set with probability `r/2`. We expect r to be close to 1/2 if the exchange is honest, but the exchange can choose r otherwise.<br><br>In blind signing, the exchange sees `B = bkey * S mod pkey.n`. On deposit, the exchange sees S, so they can compute `bkey' = B/S mod pkey.n` for all B they recorded to see if bkey' has its high bit set. Also, note the exchange can compute `1/S` efficiently since they know the factors of pkey.n. I suppose that happens with probability `r/(1+r)` if it's the wrong B, not completely sure. If, on the other hand, we've the right B, then we've the probability r/2 of a set high bit in the effective bkey. Interestingly, `r^2-r` has a maximum at the default r=1/2 anyway, giving the wrong and right probabilities 1/3 and 1/4, respectively.<br><br>I fear this gives the exchange a meaningful fraction of a bit of information per coin involved in the transaction. It sounds damaging if numerous coins were involved, and it could run across transactions in some scenarios. I suspect we need a more uniform deterministic pseudo-random number generator for blinding factors.<br><br>Just FYI, our old call to `gcry_mpi_randomize` had this same problem. I do not believe this caused a problem for the full domain hash, but we can fix it easily enough anyway. | | |
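The non-uniformity this commit message describes, shown as an added Python example that is not GNUnet or Taler code: a fixed-width KDF output reduced mod n, next to rejection sampling that is exactly uniform on [0, n). Everything here is an assumption for illustration: `kdf_bits` is a SHAKE256 stand-in for the library KDF the message names, the modulus `N` is a constructed odd 2048-bit number placed at 1.5 times 2^2047 where the skew of truncate-then-reduce is largest (primality is irrelevant to the effect), and the counter-based rejection loop is one standard fix, not a description of the patch itself. It measures the high-bit statistic from the message and also the doubled region [0, 2^len - n), where reduction mod n piles up probability, for both samplers, and `expected` gives the exact values to compare against.

```python
import hashlib


def kdf_bits(seed: bytes, counter: int, nbits: int) -> int:
    """Expand (seed, counter) into exactly nbits pseudorandom bits using SHAKE256.
    A stand-in for the library KDF named in the commit message, not that function."""
    nbytes = (nbits + 7) // 8
    out = hashlib.shake_256(seed + counter.to_bytes(4, "big")).digest(nbytes)
    return int.from_bytes(out, "big") >> (nbytes * 8 - nbits)


def blinding_factor_truncated(seed: bytes, n: int) -> int:
    """The flawed derivation: exactly len bits, then (implicitly) reduced mod n.
    Every value in [0, 2^len - n) has two preimages, every value above it has one."""
    return kdf_bits(seed, 0, n.bit_length()) % n


def blinding_factor_uniform(seed: bytes, n: int) -> int:
    """Rejection sampling: draw len-bit candidates under successive counters until
    one is below n. Output is exactly uniform on [0, n); fewer than 2 tries on average."""
    ctr = 0
    while True:
        cand = kdf_bits(seed, ctr, n.bit_length())
        if cand < n:
            return cand
        ctr += 1


def observed(sampler, n: int, samples: int) -> dict:
    """Run `sampler` on `samples` distinct seeds and measure two statistics of the
    effective blinding factor: landing in the doubled low region [0, 2^len - n),
    and having the high bit (bit len-1) set, the statistic the commit message uses."""
    nbits = n.bit_length()
    low_bound = 2 ** nbits - n
    high_bit = 1 << (nbits - 1)
    low = high = 0
    for i in range(samples):
        v = sampler(i.to_bytes(4, "big"), n)
        low += v < low_bound
        high += v >= high_bit
    return {"low": low / samples, "high": high / samples}


def expected(n: int) -> dict:
    """Exact probabilities for both samplers, valid when 2^(len-1) < n < 2^len.
    Truncated: the KDF value is uniform on [0, 2^len); values >= n wrap to [0, 2^len - n),
    and only values in [2^(len-1), n) keep their high bit after reduction."""
    nbits = n.bit_length()
    low_bound = 2 ** nbits - n
    above_half = n - 2 ** (nbits - 1)
    return {
        "truncated": {"low": 2 * low_bound / 2 ** nbits, "high": above_half / 2 ** nbits},
        "uniform": {"low": low_bound / n, "high": above_half / n},
    }


def run_experiment(n: int, samples: int = 4000) -> dict:
    """Empirical statistics for both samplers on modulus n."""
    return {
        "truncated": observed(blinding_factor_truncated, n, samples),
        "uniform": observed(blinding_factor_uniform, n, samples),
    }


# Constructed 2048-bit odd modulus sitting at 1.5 * 2^2047, where the skew of
# truncate-then-reduce is largest. Only its size matters; it need not be an RSA product.
N = 3 * 2 ** 2046 + 12345
```

For `N` the exact figures are: truncated high-bit probability 1/4 and uniform 1/3, and the low region is hit half the time by the truncated sampler versus a third of the time by the uniform one. An exchange that can choose n near this position gets the largest per-coin distinguisher; moving n close to 2^len shrinks the gap but never closes it, which is why the fix samples uniformly mod n rather than trusting the modulus size.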
| Commit message | Author | Date |
|---|---|---|
| fixing #4483: optimize blinding key storage/transmission | Christian Grothoff | 2016-05-24 |
| rename.sh `GNUNET_CRYPTO_rsa_BlindingKey` to `GNUNET_CRYPTO_RsaBlindingKey` following naming conventions | Christian Grothoff | 2016-05-19 |
| fixing symbol naming and coding convention issues | Christian Grothoff | 2016-03-21 |
| Implement a Full Domain Hash (FDH) for RSA signatures and blind signatures | Jeff Burdges | 2016-03-20 |
| This gives a measure of provable security to the Taler exchange/mint against hypothetical one-more forgery attacks. See: https://eprint.iacr.org/2001/002.pdf and http://www.di.ens.fr/~pointche/Documents/Papers/2001_fcA.pdf<br><br>We seed the FDH with the denomination keys as a homage to RSA-PSS. This may slightly improve the exchange's resistance to a violation of RSA-KTI and against insiders who can influence the choice of RSA keys but cannot actually exfiltrate them.<br><br>Adopting FDH fixes a bug when using 512-bit RSA keys as well. | | |
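A full round trip of FDH-RSA blind signing as an added Python example, not the project's code and not its wire encoding: the message is hashed together with the public key (the "seed the FDH with the denomination keys" point above), expanded with SHAKE256 to the size of the modulus and re-hashed under a counter until the value lies below n, so the hash is a full-domain element with no padding structure and no modular bias. The blinding factor is drawn uniformly mod n, and the `gcd(r, n) != 1` case, whose error handling the 2016-06-08 commit reworks, is surfaced as an exception rather than silently producing garbage. Key generation, the Miller-Rabin helper, the 1024-bit demo key size and the message text are all constructed for the example; a real deployment uses the library's key generation and larger keys.

```python
import hashlib
import math
import random

# Seeded so the constructed demo key is reproducible from run to run.
rng = random.Random(20160320)
E = 65537


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases; fine for a demo key, not a hardened primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    """Random prime with the top bit set; p-1 must not be divisible by E so that d exists."""
    while True:
        p = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if (p - 1) % E != 0 and is_probable_prime(p):
            return p


def gen_key(bits: int = 1024):
    """Constructed RSA key pair: (n, e, d, p, q). The factors are returned only so a
    test can exercise the non-invertible blinding factor path."""
    p = random_prime(bits // 2)
    q = random_prime(bits // 2)
    while q == p:
        q = random_prime(bits // 2)
    return p * q, E, pow(E, -1, (p - 1) * (q - 1)), p, q


def full_domain_hash(n: int, e: int, message: bytes) -> int:
    """FDH: map (public key, message) onto Z_n. The key is part of the hash input, as the
    commit message describes. SHAKE256 output is truncated to exactly bit_length(n) bits
    and the counter is bumped until the value is below n (rejection, not reduction)."""
    nbits = n.bit_length()
    nbytes = (nbits + 7) // 8
    ctr = 0
    while True:
        data = n.to_bytes(nbytes, "big") + e.to_bytes(4, "big") + ctr.to_bytes(4, "big") + message
        h = int.from_bytes(hashlib.shake_256(data).digest(nbytes), "big") >> (nbytes * 8 - nbits)
        if h < n:
            return h
        ctr += 1


def blind(n: int, e: int, h: int, r: int) -> int:
    """Client side: hide h from the signer as h * r^e mod n. A non-invertible r cannot be
    removed later, so it is refused here instead of failing at unblind time."""
    if math.gcd(r, n) != 1:
        raise ValueError("blinding factor is not invertible mod n; draw a fresh one")
    return (h * pow(r, e, n)) % n


def sign(n: int, d: int, blinded: int) -> int:
    """Signer side: plain RSA on whatever it is handed; it never sees h."""
    return pow(blinded, d, n)


def unblind(n: int, blinded_sig: int, r: int) -> int:
    """Client side: (h * r^e)^d * r^-1 = h^d * r * r^-1 = h^d mod n."""
    return (blinded_sig * pow(r, -1, n)) % n


def verify(n: int, e: int, message: bytes, sig: int) -> bool:
    return pow(sig, e, n) == full_domain_hash(n, e, message)


def demo() -> dict:
    """Round trip on a constructed message; returns the checks a caller can assert on."""
    n, e, d, p, q = gen_key(1024)
    msg = b"constructed sample: coin withdrawal request"
    h = full_domain_hash(n, e, msg)
    r = rng.randrange(1, n)  # uniform mod n, the later commit's fix for the blinding factor
    blinded = blind(n, e, h, r)
    sig = unblind(n, sign(n, d, blinded), r)
    return {
        "verified": verify(n, e, msg, sig),
        "signer_saw_hash": blinded == h,
        "other_message_rejected": not verify(n, e, b"constructed sample: a different coin", sig),
        "tampered_rejected": not verify(n, e, msg, (sig + 1) % n),
    }
```

Because the signer only ever exponentiates a uniformly blinded value, the unblinded signature is a textbook FDH-RSA signature on the message, which is what the one-more-forgery reductions in the cited papers assume; a deterministic-but-structured padding in place of `full_domain_hash` would not give the same guarantee.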
| Commit message | Author | Date |
|---|---|---|
| -fix (C) notices | Christian Grothoff | 2016-01-19 |
| patch from Nicolas Fournier to add some `_dup` and `_cmp` functions for RSA signatures and private keys | Christian Grothoff | 2015-06-30 |
| Introduce function to duplicate RSA public keys | Sree Harsha Totakura | 2015-05-28 |
| validate the parsed RSA private key | Sree Harsha Totakura | 2015-05-27 |
| -bringing copyright tags up to FSF standard | Christian Grothoff | 2015-02-07 |
| -fix use after free | Christian Grothoff | 2015-01-30 |
| -fix assertion checking the encoded s-expressions | Sree Harsha Totakura | 2015-01-24 |
| -add a check to bail out on false signatures | Sree Harsha Totakura | 2015-01-22 |
| test failed to compile on my system | Matthias Wachs | 2015-01-16 |
| adding support for blind signatures (modernized version of Taler logic, with variable key length) | Christian Grothoff | 2015-01-09 |
| -removing last bits of RSA support, as this code is now dead | Christian Grothoff | 2013-07-18 |
| -trying to address #2791 | Christian Grothoff | 2013-02-11 |
| -fix includes | Christian Grothoff | 2012-09-28 |
| -converting more places to use `STRINGS_relative_time_to_string` | Christian Grothoff | 2012-09-27 |
| -new API for asynchronous generation of private RSA keys | Christian Grothoff | 2012-07-14 |
| -LRN: use FPRINTF -- #2051 | Christian Grothoff | 2011-12-30 |
| curly wars / auto-indentation | Christian Grothoff | 2011-11-04 |
| converting to `GNUNET_LOG_from*` | Christian Grothoff | 2011-10-11 |
| even nicer indentation, thanks to LRN's indent patch | Christian Grothoff | 2011-08-16 |
| indentation | Christian Grothoff | 2011-08-15 |
| indentation | Christian Grothoff | 2011-08-15 |
| Fixed typo | Bart Polot | 2011-05-05 |
| Changed `GNUNET_TIME_Absolute` and `GNUNET_TIME_Relative` to allow safe comparisons between time values | Matthias Wachs | 2010-10-27 |
| nitpicks | Christian Grothoff | 2010-09-03 |
| gpl3 | Christian Grothoff | 2010-07-02 |
| cleaning argz mess | Christian Grothoff | 2010-06-25 |
| fix | Christian Grothoff | 2010-04-13 |
| indenting | Christian Grothoff | 2009-11-08 |
| fixing bio testcase and a bug in bio.c, also indenting | Christian Grothoff | 2009-11-01 |
| fx | Christian Grothoff | 2009-07-12 |
| nitpicks | Christian Grothoff | 2009-07-08 |
| removing server from argument list, other minor fixes | Christian Grothoff | 2009-05-29 |
| ng | Christian Grothoff | 2009-05-29 |