taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

include mint's public key in reply

Browse Source
This commit is contained in:
Christian Grothoff 2015-07-05 17:15:37 +02:00
parent 922323b410
commit 0372b7583b
6 changed files with 64 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/include/taler_mint_service.h
View File

@ -316,13 +316,16 @@ TALER_MINT_get_keys (const struct TALER_MINT_Handle *mint);
/**
* Obtain the current signing key from the mint.
* Test if the given @a pub is a the current signing key from the mint
* according to @a keys.
*
* @param keys the mint's key set
* @return sk current online signing key for the mint, NULL on error
* @param pub claimed current online signing key for the mint
* @return #GNUNET_OK if @a pub is (according to /keys) a current signing key
*/
const struct TALER_MintPublicKeyP *
TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys);
int
TALER_MINT_test_signing_key (const struct TALER_MINT_Keys *keys,
const struct TALER_MintPublicKeyP *pub);
/**

13
src/mint-lib/mint_api_deposit.c
View File

@ -129,10 +129,11 @@ verify_deposit_signature_ok (const struct TALER_MINT_DepositHandle *dh,
json_t *json)
{
struct TALER_MintSignatureP mint_sig;
struct TALER_MintPublicKeyP mint_pub;
const struct TALER_MINT_Keys *key_state;
const struct TALER_MintPublicKeyP *mint_pub;
struct MAJ_Specification spec[] = {
MAJ_spec_fixed_auto ("sig", &mint_sig),
MAJ_spec_fixed_auto ("pub", &mint_pub),
MAJ_spec_end
};
@ -144,12 +145,18 @@ verify_deposit_signature_ok (const struct TALER_MINT_DepositHandle *dh,
return GNUNET_SYSERR;
}
key_state = TALER_MINT_get_keys (dh->mint);
mint_pub = TALER_MINT_get_signing_key (key_state);
if (GNUNET_OK !=
TALER_MINT_test_signing_key (key_state,
&mint_pub))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_CONFIRM_DEPOSIT,
&dh->depconf.purpose,
&mint_sig.eddsa_signature,
&mint_pub->eddsa_pub))
&mint_pub.eddsa_pub))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;

34
src/mint-lib/mint_api_handle.c
View File

@ -425,7 +425,7 @@ decode_keys_json (json_t *resp_obj,
struct TALER_MintSignatureP sig;
struct TALER_MintKeySetPS ks;
struct GNUNET_HashContext *hash_context;
const struct TALER_MintPublicKeyP *pub;
struct TALER_MintPublicKeyP pub;
if (JSON_OBJECT != json_typeof (resp_obj))
return GNUNET_SYSERR;
@ -438,6 +438,8 @@ decode_keys_json (json_t *resp_obj,
&key_data->master_pub),
MAJ_spec_fixed_auto ("eddsa_sig",
&sig),
MAJ_spec_fixed_auto ("eddsa_pub",
&pub),
MAJ_spec_absolute_time ("list_issue_date",
&list_issue_date),
MAJ_spec_end
@ -504,13 +506,14 @@ decode_keys_json (json_t *resp_obj,
GNUNET_CRYPTO_hash_context_finish (hash_context,
&ks.hc);
hash_context = NULL;
pub = TALER_MINT_get_signing_key (key_data);
EXITIF (NULL == pub);
EXITIF (GNUNET_OK !=
TALER_MINT_test_signing_key (key_data,
&pub));
EXITIF (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_KEY_SET,
&ks.purpose,
&sig.eddsa_signature,
&pub->eddsa_pub));
&pub.eddsa_pub));
return GNUNET_OK;
EXITIF_exit:
@ -771,23 +774,30 @@ TALER_MINT_disconnect (struct TALER_MINT_Handle *mint)
/**
* Obtain the current signing key from the mint.
* Test if the given @a pub is a the current signing key from the mint
* according to @a keys.
*
* @param keys the mint's key set
* @return sk current online signing key for the mint, NULL on error
* @param pub claimed current online signing key for the mint
* @return #GNUNET_OK if @a pub is (according to /keys) a current signing key
*/
const struct TALER_MintPublicKeyP *
TALER_MINT_get_signing_key (const struct TALER_MINT_Keys *keys)
int
TALER_MINT_test_signing_key (const struct TALER_MINT_Keys *keys,
const struct TALER_MintPublicKeyP *pub)
{
struct GNUNET_TIME_Absolute now;
unsigned int i;
/* we will check using a tolerance of 1h for the time */
now = GNUNET_TIME_absolute_get ();
for (i=0;i<keys->num_sign_keys;i++)
if ( (keys->sign_keys[i].valid_from.abs_value_us <= now.abs_value_us) &&
(keys->sign_keys[i].valid_until.abs_value_us > now.abs_value_us) )
return &keys->sign_keys[i].key;
return NULL;
if ( (keys->sign_keys[i].valid_from.abs_value_us <= now.abs_value_us + 60 * 60 * 1000LL * 1000LL) &&
(keys->sign_keys[i].valid_until.abs_value_us > now.abs_value_us - 60 * 60 * 1000LL * 1000LL) &&
(0 == memcmp (pub,
&keys->sign_keys[i].key,
sizeof (struct TALER_MintPublicKeyP))) )
return GNUNET_OK;
return GNUNET_SYSERR;
}

7
src/mint/taler-mint-httpd_keystate.c
View File

@ -519,13 +519,15 @@ TMH_KS_acquire (void)
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"No valid signing key found!\n");
keys = json_pack ("{s:o, s:o, s:o, s:o, s:o}",
keys = json_pack ("{s:o, s:o, s:o, s:o, s:o, s:o}",
"master_public_key",
TALER_json_from_data (&TMH_master_public_key,
sizeof (struct GNUNET_CRYPTO_EddsaPublicKey)),
"signkeys", key_state->sign_keys_array,
"denoms", key_state->denom_keys_array,
"list_issue_date", TALER_json_from_abs (key_state->reload_time),
"eddsa_pub", TALER_json_from_data (&key_state->current_sign_key_issue.issue.signkey_pub,
sizeof (struct TALER_MintPublicKeyP)),
"eddsa_sig", TALER_json_from_data (&sig,
sizeof (struct TALER_MintSignatureP)));
key_state->keys_json = json_dumps (keys,
@ -714,16 +716,19 @@ read_again:
* Sign the message in @a purpose with the mint's signing key.
*
* @param purpose the message to sign
* @param[out] pub set to the current public signing key of the mint
* @param[out] sig signature over purpose using current signing key
*/
void
TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct TALER_MintPublicKeyP *pub,
struct TALER_MintSignatureP *sig)
{
struct TMH_KS_StateHandle *key_state;
key_state = TMH_KS_acquire ();
*pub = key_state->current_sign_key_issue.issue.signkey_pub;
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv,
purpose,

2
src/mint/taler-mint-httpd_keystate.h
View File

@ -110,10 +110,12 @@ TMH_KS_loop (void);
* key.
*
* @param purpose the message to sign
* @param[out] pub set to the current public signing key of the mint
* @param[out] sig signature over purpose using current signing key
*/
void
TMH_KS_sign (const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose,
struct TALER_MintPublicKeyP *pub,
struct TALER_MintSignatureP *sig);

22
src/mint/taler-mint-httpd_responses.c
View File

@ -348,8 +348,8 @@ TMH_RESPONSE_reply_deposit_success (struct MHD_Connection *connection,
const struct TALER_Amount *amount_without_fee)
{
struct TALER_DepositConfirmationPS dc;
struct TALER_MintPublicKeyP pub;
struct TALER_MintSignatureP sig;
json_t *sig_json;
dc.purpose.purpose = htonl (TALER_SIGNATURE_MINT_CONFIRM_DEPOSIT);
dc.purpose.size = htonl (sizeof (struct TALER_DepositConfirmationPS));
@ -363,14 +363,16 @@ TMH_RESPONSE_reply_deposit_success (struct MHD_Connection *connection,
dc.coin_pub = *coin_pub;
dc.merchant = *merchant;
TMH_KS_sign (&dc.purpose,
&pub,
&sig);
sig_json = TALER_json_from_data (&sig,
sizeof (sig));
return TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:s, s:o}",
"status", "DEPOSIT_OK",
"sig", sig_json);
"sig", TALER_json_from_data (&sig,
sizeof (sig)),
"pub", TALER_json_from_data (&pub,
sizeof (pub)));
}
@ -735,6 +737,7 @@ TMH_RESPONSE_reply_refresh_melt_success (struct MHD_Connection *connection,
uint16_t noreveal_index)
{
struct TALER_RefreshMeltConfirmationPS body;
struct TALER_MintPublicKeyP pub;
struct TALER_MintSignatureP sig;
json_t *sig_json;
@ -743,15 +746,18 @@ TMH_RESPONSE_reply_refresh_melt_success (struct MHD_Connection *connection,
body.session_hash = *session_hash;
body.noreveal_index = htons (noreveal_index);
TMH_KS_sign (&body.purpose,
&pub,
&sig);
sig_json = TALER_json_from_eddsa_sig (&body.purpose,
&sig.eddsa_signature);
sig_json = TALER_json_from_data (&sig,
sizeof (sig));
GNUNET_assert (NULL != sig_json);
return TMH_RESPONSE_reply_json_pack (connection,
MHD_HTTP_OK,
"{s:i, s:o}",
"{s:i, s:o, s:o}",
"noreveal_index", (int) noreveal_index,
"signature", sig_json);
"mint_sig", sig_json,
"mint_pub", TALER_json_from_data (&pub,
sizeof (pub)));
}