taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

include mint's public key in reply

Browse Source
This commit is contained in:
Christian Grothoff 2015-07-05 17:15:37 +02:00
parent 922323b410
commit 0372b7583b
6 changed files with 64 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/include/taler_mint_service.h
View File

@ -316,13 +316,16 @@ TALER_MINT_get_keys (const struct TALER_MINT_Handle *mint);
/** /**
* Obtain the current signing key from the mint. * Test if the given @a pub is a the current signing key from the mint
* according to @a keys.
* *
* @param keys the mint's key set * @param keys the mint's key set
* @return sk current online signing key for the mint, NULL on error * @param pub claimed current online signing key for the mint
* @return #GNUNET_OK if @a pub is (according to /keys) a current signing key
*/ */
const struct TALER_MintPublicKeyP * int
TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys); TALER_MINT_test_signing_key (const struct TALER_MINT_Keys *keys,
const struct TALER_MintPublicKeyP *pub);
/** /**

13
src/mint-lib/mint_api_deposit.c
View File

@ -129,10 +129,11 @@ verify_deposit_signature_ok (const struct TALER_MINT_DepositHandle *dh,
json_t *json) json_t *json)
{ {
struct TALER_MintSignatureP mint_sig; struct TALER_MintSignatureP mint_sig;
struct TALER_MintPublicKeyP mint_pub;
const struct TALER_MINT_Keys *key_state; const struct TALER_MINT_Keys *key_state;
const struct TALER_MintPublicKeyP *mint_pub;
struct MAJ_Specification spec[] = { struct MAJ_Specification spec[] = {
MAJ_spec_fixed_auto ("sig", &mint_sig), MAJ_spec_fixed_auto ("sig", &mint_sig),
MAJ_spec_fixed_auto ("pub", &mint_pub),
MAJ_spec_end MAJ_spec_end
}; };
@ -144,12 +145,18 @@ verify_deposit_signature_ok (const struct TALER_MINT_DepositHandle *dh,
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
key_state = TALER_MINT_get_keys (dh->mint); key_state = TALER_MINT_get_keys (dh->mint);
mint_pub = TALER_MINT_get_signing_key (key_state); if (GNUNET_OK !=
TALER_MINT_test_signing_key (key_state,
&mint_pub))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_CONFIRM_DEPOSIT, GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_CONFIRM_DEPOSIT,
&dh->depconf.purpose, &dh->depconf.purpose,
&mint_sig.eddsa_signature, &mint_sig.eddsa_signature,
&mint_pub->eddsa_pub)) &mint_pub.eddsa_pub))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return GNUNET_SYSERR; return GNUNET_SYSERR;

34
src/mint-lib/mint_api_handle.c
View File

@ -425,7 +425,7 @@ decode_keys_json (json_t *resp_obj,
struct TALER_MintSignatureP sig; struct TALER_MintSignatureP sig;
struct TALER_MintKeySetPS ks; struct TALER_MintKeySetPS ks;
struct GNUNET_HashContext *hash_context; struct GNUNET_HashContext *hash_context;
const struct TALER_MintPublicKeyP *pub; struct TALER_MintPublicKeyP pub;
if (JSON_OBJECT != json_typeof (resp_obj)) if (JSON_OBJECT != json_typeof (resp_obj))
return GNUNET_SYSERR; return GNUNET_SYSERR;
@ -438,6 +438,8 @@ decode_keys_json (json_t *resp_obj,
&key_data->master_pub), &key_data->master_pub),
MAJ_spec_fixed_auto ("eddsa_sig", MAJ_spec_fixed_auto ("eddsa_sig",
&sig), &sig),
MAJ_spec_fixed_auto ("eddsa_pub",
&pub),
MAJ_spec_absolute_time ("list_issue_date", MAJ_spec_absolute_time ("list_issue_date",
&list_issue_date), &list_issue_date),
MAJ_spec_end MAJ_spec_end
@ -504,13 +506,14 @@ decode_keys_json (json_t *resp_obj,
GNUNET_CRYPTO_hash_context_finish (hash_context, GNUNET_CRYPTO_hash_context_finish (hash_context,
&ks.hc); &ks.hc);
hash_context = NULL; hash_context = NULL;
pub = TALER_MINT_get_signing_key (key_data); EXITIF (GNUNET_OK !=
EXITIF (NULL == pub); TALER_MINT_test_signing_key (key_data,
&pub));
EXITIF (GNUNET_OK != EXITIF (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_KEY_SET, GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_KEY_SET,
&ks.purpose, &ks.purpose,
&sig.eddsa_signature, &sig.eddsa_signature,
&pub->eddsa_pub)); &pub.eddsa_pub));
return GNUNET_OK; return GNUNET_OK;
EXITIF_exit: EXITIF_exit:
@ -771,23 +774,30 @@ TALER_MINT_disconnect (struct TALER_MINT_Handle *mint)
/** /**
* Obtain the current signing key from the mint. * Test if the given @a pub is a the current signing key from the mint
* according to @a keys.
* *
* @param keys the mint's key set * @param keys the mint's key set
* @return sk current online signing key for the mint, NULL on error * @param pub claimed current online signing key for the mint
* @return #GNUNET_OK if @a pub is (according to /keys) a current signing key
*/ */
const struct TALER_MintPublicKeyP * int
TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys) TALER_MINT_test_signing_key (const struct TALER_MINT_Keys *keys,
const struct TALER_MintPublicKeyP *pub)
{ {
struct GNUNET_TIME_Absolute now; struct GNUNET_TIME_Absolute now;
unsigned int i; unsigned int i;
/* we will check using a tolerance of 1h for the time */
now = GNUNET_TIME_absolute_get (); now = GNUNET_TIME_absolute_get ();
for (i=0;i<keys->num_sign_keys;i++) for (i=0;i<keys->num_sign_keys;i++)
if ( (keys->sign_keys[i].valid_from.abs_value_us <= now.abs_value_us) && if ( (keys->sign_keys[i].valid_from.abs_value_us <= now.abs_value_us + 60 * 60 * 1000LL * 1000LL) &&
(keys->sign_keys[i].valid_until.abs_value_us > now.abs_value_us) ) (keys->sign_keys[i].valid_until.abs_value_us > now.abs_value_us - 60 * 60 * 1000LL * 1000LL) &&
return &keys->sign_keys[i].key; (0 == memcmp (pub,
return NULL; &keys->sign_keys[i].key,
sizeof (struct TALER_MintPublicKeyP))) )
return GNUNET_OK;
return GNUNET_SYSERR;
} }

9
src/mint/taler-mint-httpd_keystate.c
View File

@ -519,13 +519,15 @@ TMH_KS_acquire (void)
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"No valid signing key found!\n"); "No valid signing key found!\n");
keys = json_pack ("{s:o, s:o, s:o, s:o, s:o}", keys = json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}",
"master_public_key", "master_public_key",
TALER_json_from_data (&TMH_master_public_key, TALER_json_from_data (&TMH_master_public_key,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)), sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)),
"signkeys", key_state->sign_keys_array, "signkeys", key_state->sign_keys_array,
"denoms", key_state->denom_keys_array, "denoms", key_state->denom_keys_array,
"list_issue_date", TALER_json_from_abs (key_state->reload_time), "list_issue_date", TALER_json_from_abs (key_state->reload_time),
"eddsa_pub", TALER_json_from_data (&key_state->current_sign_key_issue.issue.signkey_pub,
sizeof (struct TALER_MintPublicKeyP)),
"eddsa_sig", TALER_json_from_data (&sig, "eddsa_sig", TALER_json_from_data (&sig,
sizeof (struct TALER_MintSignatureP))); sizeof (struct TALER_MintSignatureP)));
key_state->keys_json = json_dumps (keys, key_state->keys_json = json_dumps (keys,
@ -714,16 +716,19 @@ read_again:
* Sign the message in @a purpose with the mint's signing key. * Sign the message in @a purpose with the mint's signing key.
* *
* @param purpose the message to sign * @param purpose the message to sign
* @param[out] pub set to the current public signing key of the mint
* @param[out] sig signature over purpose using current signing key * @param[out] sig signature over purpose using current signing key
*/ */
void void
TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct TALER_MintSignatureP *sig) struct TALER_MintPublicKeyP *pub,
struct TALER_MintSignatureP *sig)
{ {
struct TMH_KS_StateHandle *key_state; struct TMH_KS_StateHandle *key_state;
key_state = TMH_KS_acquire (); key_state = TMH_KS_acquire ();
*pub = key_state->current_sign_key_issue.issue.signkey_pub;
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv, GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv,
purpose, purpose,

4
src/mint/taler-mint-httpd_keystate.h
View File

@ -74,7 +74,7 @@ enum TMH_KS_DenominationKeyUse {
* The key is to be usd for a /deposit or /refresh (melt) operation. * The key is to be usd for a /deposit or /refresh (melt) operation.
*/ */
TMH_KS_DKU_DEPOSIT TMH_KS_DKU_DEPOSIT
}; };
@ -110,10 +110,12 @@ TMH_KS_loop (void);
* key. * key.
* *
* @param purpose the message to sign * @param purpose the message to sign
* @param[out] pub set to the current public signing key of the mint
* @param[out] sig signature over purpose using current signing key * @param[out] sig signature over purpose using current signing key
*/ */
void void
TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct TALER_MintPublicKeyP *pub,
struct TALER_MintSignatureP *sig); struct TALER_MintSignatureP *sig);

24
src/mint/taler-mint-httpd_responses.c
View File

@ -348,8 +348,8 @@ TMH_RESPONSE_reply_deposit_success (struct MHD_Connection *connection,
const struct TALER_Amount *amount_without_fee) const struct TALER_Amount *amount_without_fee)
{ {
struct TALER_DepositConfirmationPS dc; struct TALER_DepositConfirmationPS dc;
struct TALER_MintPublicKeyP pub;
struct TALER_MintSignatureP sig; struct TALER_MintSignatureP sig;
json_t *sig_json;
dc.purpose.purpose = htonl (TALER_SIGNATURE_MINT_CONFIRM_DEPOSIT); dc.purpose.purpose = htonl (TALER_SIGNATURE_MINT_CONFIRM_DEPOSIT);
dc.purpose.size = htonl (sizeof (struct TALER_DepositConfirmationPS)); dc.purpose.size = htonl (sizeof (struct TALER_DepositConfirmationPS));
@ -363,14 +363,16 @@ TMH_RESPONSE_reply_deposit_success (struct MHD_Connection *connection,
dc.coin_pub = *coin_pub; dc.coin_pub = *coin_pub;
dc.merchant = *merchant; dc.merchant = *merchant;
TMH_KS_sign (&dc.purpose, TMH_KS_sign (&dc.purpose,
&pub,
&sig); &sig);
sig_json = TALER_json_from_data (&sig,
sizeof (sig));
return TMH_RESPONSE_reply_json_pack (connection, return TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK, MHD_HTTP_OK,
"{s:s, s:o}", "{s:s, s:o}",
"status", "DEPOSIT_OK", "status", "DEPOSIT_OK",
"sig", sig_json); "sig", TALER_json_from_data (&sig,
sizeof (sig)),
"pub", TALER_json_from_data (&pub,
sizeof (pub)));
} }
@ -735,6 +737,7 @@ TMH_RESPONSE_reply_refresh_melt_success (struct MHD_Connection *connection,
uint16_t noreveal_index) uint16_t noreveal_index)
{ {
struct TALER_RefreshMeltConfirmationPS body; struct TALER_RefreshMeltConfirmationPS body;
struct TALER_MintPublicKeyP pub;
struct TALER_MintSignatureP sig; struct TALER_MintSignatureP sig;
json_t *sig_json; json_t *sig_json;
@ -743,15 +746,18 @@ TMH_RESPONSE_reply_refresh_melt_success (struct MHD_Connection *connection,
body.session_hash = *session_hash; body.session_hash = *session_hash;
body.noreveal_index = htons (noreveal_index); body.noreveal_index = htons (noreveal_index);
TMH_KS_sign (&body.purpose, TMH_KS_sign (&body.purpose,
&sig); &pub,
sig_json = TALER_json_from_eddsa_sig (&body.purpose, &sig);
&sig.eddsa_signature); sig_json = TALER_json_from_data (&sig,
sizeof (sig));
GNUNET_assert (NULL != sig_json); GNUNET_assert (NULL != sig_json);
return TMH_RESPONSE_reply_json_pack (connection, return TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK, MHD_HTTP_OK,
"{s:i, s:o}", "{s:i, s:o, s:o}",
"noreveal_index", (int) noreveal_index, "noreveal_index", (int) noreveal_index,
"signature", sig_json); "mint_sig", sig_json,
"mint_pub", TALER_json_from_data (&pub,
sizeof (pub)));
} }