fix #3484: sign over full key set as well

2015-03-24 17:53:13 +01:00 · 2015-03-24 17:53:13 +01:00 · 324bf3f980
commit 324bf3f980
parent d5acf53732
2 changed files with 51 additions and 2 deletions
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@ -83,6 +83,11 @@
 */
 #define TALER_SIGNATURE_MINT_DEPOSIT 7

+/**
+ * Signature where the Mint confirms the full /keys response set.
+ */
+#define TALER_SIGNATURE_KEYS_SET 8
+

 /***********************/
 /* Merchant signatures */
@ -345,6 +350,31 @@ struct TALER_MINT_SignKeyIssue
 };


+/**
+ * Signature made by the mint over the full set of keys, used
+ * to detect cheating mints that give out different sets to
+ * different users.
+ */
+struct TALER_MINT_KeySetSignature
+{
+
+  /**
+   * Purpose is #TALER_SIGNATURE_KEYS_SET
+   */
+  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
+
+  /**
+   * Time of the key set issue.
+   */
+  struct GNUNET_TIME_AbsoluteNBO list_issue_date;
+
+  /**
+   * Hash over the "inner" JSON with the key set.
+   */
+  struct GNUNET_HashCode hc;
+};
+
+
 /**
 * Information about a denomination key. Denomination keys
 * are used to sign coins of a certain value into existence.
@ -358,7 +388,7 @@ struct TALER_MINT_DenomKeyIssue
  struct TALER_MasterSignature signature;

  /**
-   * Purpose ist #TALER_SIGNATURE_MASTER_DENOM.
+   * Purpose is #TALER_SIGNATURE_MASTER_DENOM.
   */
  struct GNUNET_CRYPTO_EccSignaturePurpose purpose;

--- a/src/mint/taler-mint-httpd_keystate.c
+++ b/src/mint/taler-mint-httpd_keystate.c
@ -378,6 +378,9 @@ TALER_MINT_key_state_acquire (void)
  struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
  struct MintKeyState *key_state;
  json_t *keys;
+  char *inner;
+  struct TALER_MINT_KeySetSignature ks;
+  struct TALER_MintSignature sig;

  GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
  if (internal_key_state->next_reload.abs_value_us <= now.abs_value_us)
@ -413,8 +416,24 @@ TALER_MINT_key_state_acquire (void)
                      "signkeys", key_state->sign_keys_array,
                      "denoms", key_state->denom_keys_array,
                      "list_issue_date", TALER_JSON_from_abs (key_state->reload_time));
+    inner = json_dumps (keys,
+                        JSON_INDENT(2));
+    ks.purpose.size = htonl (sizeof (ks));
+    ks.purpose.purpose = htonl (TALER_SIGNATURE_KEYS_SET);
+    ks.list_issue_date = GNUNET_TIME_absolute_hton (key_state->reload_time);
+    GNUNET_CRYPTO_hash (inner,
+                        strlen (inner),
+                        &ks.hc);
+    GNUNET_free (inner);
+    TALER_MINT_keys_sign (&ks.purpose,
+                          &sig);
+    keys = json_pack ("{s:o, s:o}",
+                      "keys", keys,
+                      "eddsa-signature", TALER_JSON_from_eddsa_sig (&ks.purpose,
+                                                                    &sig.eddsa_signature));
    key_state->keys_json = json_dumps (keys,
-                                       JSON_INDENT(2));
+                                       JSON_INDENT (2));
+    json_decref (keys);
    internal_key_state = key_state;
  }
  key_state = internal_key_state;