taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

do keep signing over DKs even for cherry-picked /keys replies

Browse Source
This commit is contained in:
Christian Grothoff 2017-09-13 21:43:10 +02:00
parent 80a7fe9dcf
commit 36a7ac723e
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
2 changed files with 30 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/exchange-lib/exchange_api_handle.c
View File

@ -285,7 +285,6 @@ parse_json_denomkey (struct TALER_EXCHANGE_DenomPublicKey *denom_key,
struct TALER_DenominationKeyValidityPS denom_key_issue;
struct GNUNET_CRYPTO_RsaPublicKey *pk;
struct GNUNET_CRYPTO_EddsaSignature sig;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("master_sig",
&sig),
@ -320,7 +319,9 @@ parse_json_denomkey (struct TALER_EXCHANGE_DenomPublicKey *denom_key,
return GNUNET_SYSERR;
}
memset (&denom_key_issue, 0, sizeof (denom_key_issue));
memset (&denom_key_issue,
0,
sizeof (denom_key_issue));
GNUNET_CRYPTO_rsa_public_key_hash (pk,
&denom_key_issue.denom_hash);
denom_key_issue.purpose.purpose

28
src/exchange/taler-exchange-httpd_keystate.c
View File

@ -229,6 +229,11 @@ struct ResponseBuilderContext
*/
struct GNUNET_TIME_Absolute last_issue_date;
/**
* Used for computing the hash over all the denomination keys.
*/
struct GNUNET_HashContext *hash_context;
/**
* Flag set to #GNUNET_SYSERR on internal errors
*/
@ -252,6 +257,7 @@ denom_keys_to_json (void *cls,
{
struct ResponseBuilderContext *rbc = cls;
struct TALER_EXCHANGEDB_DenominationKeyIssueInformation *dki = value;
struct GNUNET_HashCode denom_key_hash;
if (rbc->last_issue_date.abs_value_us >=
GNUNET_TIME_absolute_ntoh (dki->issue.properties.start).abs_value_us)
@ -291,6 +297,11 @@ denom_keys_to_json (void *cls,
};
return GNUNET_OK; /* skip, key known to client */
}
GNUNET_CRYPTO_rsa_public_key_hash (dki->denom_pub.rsa_public_key,
&denom_key_hash);
GNUNET_CRYPTO_hash_context_read (rbc->hash_context,
&denom_key_hash,
sizeof (struct GNUNET_HashCode));
if (0 !=
json_array_append_new (rbc->denom_keys_array,
denom_key_issue_to_json (&dki->denom_pub,
@ -1390,13 +1401,25 @@ TEH_KS_handler_keys (struct TEH_RequestHandler *rh,
rbc.denom_keys_array = json_array ();
rbc.auditors_array = json_deep_copy (key_state->auditors_array);
rbc.last_issue_date = last_issue_date;
rbc.hash_context = GNUNET_CRYPTO_hash_context_start ();
GNUNET_CONTAINER_multihashmap_iterate (key_state->denomkey_map,
&denom_keys_to_json,
&rbc);
if (GNUNET_NO == rbc.error)
{
json_t *keys;
struct TALER_ExchangeKeySetPS ks;
struct TALER_ExchangeSignatureP sig;
ks.purpose.size = htonl (sizeof (ks));
ks.purpose.purpose = htonl (TALER_SIGNATURE_EXCHANGE_KEY_SET);
ks.list_issue_date = GNUNET_TIME_absolute_hton (key_state->reload_time);
GNUNET_CRYPTO_hash_context_finish (key_state->hash_context,
&ks.hc);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&key_state->current_sign_key_issue.signkey_priv.eddsa_priv,
&ks.purpose,
&sig.eddsa_signature));
keys = json_pack ("{s:s, s:o, s:O, s:o, s:O, s:o, s:o}",
"version", TALER_PROTOCOL_VERSION,
"master_public_key", GNUNET_JSON_from_data_auto (&TEH_master_public_key),
@ -1404,7 +1427,10 @@ TEH_KS_handler_keys (struct TEH_RequestHandler *rh,
"denoms", rbc.denom_keys_array,
"payback", key_state->payback_array,
"auditors", rbc.auditors_array,
"list_issue_date", GNUNET_JSON_from_time_abs (key_state->reload_time));
"list_issue_date", GNUNET_JSON_from_time_abs (key_state->reload_time),
"eddsa_pub", GNUNET_JSON_from_data_auto (&key_state->current_sign_key_issue.issue.signkey_pub),
"eddsa_sig", GNUNET_JSON_from_data_auto (&sig));
rbc.denom_keys_array = NULL;
rbc.auditors_array = NULL;
json = json_dumps (keys,