taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix #3484: sign over full key set as well

Browse Source
This commit is contained in:
Christian Grothoff 2015-03-24 17:53:13 +01:00
parent d5acf53732
commit 324bf3f980
2 changed files with 51 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
src/include/taler_signatures.h
View File

@ -83,6 +83,11 @@
*/ */
#define TALER_SIGNATURE_MINT_DEPOSIT 7 #define TALER_SIGNATURE_MINT_DEPOSIT 7
/**
* Signature where the Mint confirms the full /keys response set.
*/
#define TALER_SIGNATURE_KEYS_SET 8
/***********************/ /***********************/
/* Merchant signatures */ /* Merchant signatures */
@ -345,6 +350,31 @@ struct TALER_MINT_SignKeyIssue
}; };
/**
* Signature made by the mint over the full set of keys, used
* to detect cheating mints that give out different sets to
* different users.
*/
struct TALER_MINT_KeySetSignature
{
/**
* Purpose is #TALER_SIGNATURE_KEYS_SET
*/
struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
/**
* Time of the key set issue.
*/
struct GNUNET_TIME_AbsoluteNBO list_issue_date;
/**
* Hash over the "inner" JSON with the key set.
*/
struct GNUNET_HashCode hc;
};
/** /**
* Information about a denomination key. Denomination keys * Information about a denomination key. Denomination keys
* are used to sign coins of a certain value into existence. * are used to sign coins of a certain value into existence.
@ -358,7 +388,7 @@ struct TALER_MINT_DenomKeyIssue
struct TALER_MasterSignature signature; struct TALER_MasterSignature signature;
/** /**
* Purpose ist #TALER_SIGNATURE_MASTER_DENOM. * Purpose is #TALER_SIGNATURE_MASTER_DENOM.
*/ */
struct GNUNET_CRYPTO_EccSignaturePurpose purpose; struct GNUNET_CRYPTO_EccSignaturePurpose purpose;

21
src/mint/taler-mint-httpd_keystate.c
View File

@ -378,6 +378,9 @@ TALER_MINT_key_state_acquire (void)
struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get (); struct GNUNET_TIME_Absolute now = GNUNET_TIME_absolute_get ();
struct MintKeyState *key_state; struct MintKeyState *key_state;
json_t *keys; json_t *keys;
char *inner;
struct TALER_MINT_KeySetSignature ks;
struct TALER_MintSignature sig;
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex)); GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
if (internal_key_state->next_reload.abs_value_us <= now.abs_value_us) if (internal_key_state->next_reload.abs_value_us <= now.abs_value_us)
@ -413,8 +416,24 @@ TALER_MINT_key_state_acquire (void)
"signkeys", key_state->sign_keys_array, "signkeys", key_state->sign_keys_array,
"denoms", key_state->denom_keys_array, "denoms", key_state->denom_keys_array,
"list_issue_date", TALER_JSON_from_abs (key_state->reload_time)); "list_issue_date", TALER_JSON_from_abs (key_state->reload_time));
inner = json_dumps (keys,
JSON_INDENT(2));
ks.purpose.size = htonl (sizeof (ks));
ks.purpose.purpose = htonl (TALER_SIGNATURE_KEYS_SET);
ks.list_issue_date = GNUNET_TIME_absolute_hton (key_state->reload_time);
GNUNET_CRYPTO_hash (inner,
strlen (inner),
&ks.hc);
GNUNET_free (inner);
TALER_MINT_keys_sign (&ks.purpose,
&sig);
keys = json_pack ("{s:o, s:o}",
"keys", keys,
"eddsa-signature", TALER_JSON_from_eddsa_sig (&ks.purpose,
&sig.eddsa_signature));
key_state->keys_json = json_dumps (keys, key_state->keys_json = json_dumps (keys,
JSON_INDENT(2)); JSON_INDENT (2));
json_decref (keys);
internal_key_state = key_state; internal_key_state = key_state;
} }
key_state = internal_key_state; key_state = internal_key_state;