taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

clean up struct TALER_ExchangeSigningKeyValidityPS

Browse Source 
(long-standing fixme: should not have contained the signature itself)
This commit is contained in:
Christian Grothoff 2018-10-27 18:39:12 +02:00
parent bfd8a6fa68
commit 60fe2395fd
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
6 changed files with 40 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
src/exchange-lib/exchange_api_handle.c
View File

@ -42,9 +42,9 @@
#define TALER_PROTOCOL_AGE 0 #define TALER_PROTOCOL_AGE 0
/** /**
* Current version for (local) JSON serialization of persisted * Current version for (local) JSON serialization of persisted
* /keys data. * /keys data.
*/ */
#define TALER_SERIALIZATION_FORMAT_VERSION 0 #define TALER_SERIALIZATION_FORMAT_VERSION 0
@ -223,9 +223,10 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
const struct TALER_MasterPublicKeyP *master_key) const struct TALER_MasterPublicKeyP *master_key)
{ {
struct TALER_ExchangeSigningKeyValidityPS sign_key_issue; struct TALER_ExchangeSigningKeyValidityPS sign_key_issue;
struct TALER_MasterSignatureP sign_key_issue_sig;
struct GNUNET_JSON_Specification spec[] = { struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_fixed_auto ("master_sig", GNUNET_JSON_spec_fixed_auto ("master_sig",
&sign_key->master_sig), &sign_key_issue_sig),
GNUNET_JSON_spec_fixed_auto ("key", GNUNET_JSON_spec_fixed_auto ("key",
&sign_key->key), &sign_key->key),
GNUNET_JSON_spec_absolute_time ("stamp_start", GNUNET_JSON_spec_absolute_time ("stamp_start",
@ -250,10 +251,7 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
return GNUNET_OK; return GNUNET_OK;
sign_key_issue.signkey_pub = sign_key->key; sign_key_issue.signkey_pub = sign_key->key;
sign_key_issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); sign_key_issue.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
sign_key_issue.purpose.size = sign_key_issue.purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS));
htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS)
- offsetof (struct TALER_ExchangeSigningKeyValidityPS,
purpose));
sign_key_issue.master_public_key = *master_key; sign_key_issue.master_public_key = *master_key;
sign_key_issue.start = GNUNET_TIME_absolute_hton (sign_key->valid_from); sign_key_issue.start = GNUNET_TIME_absolute_hton (sign_key->valid_from);
sign_key_issue.expire = GNUNET_TIME_absolute_hton (sign_key->valid_until); sign_key_issue.expire = GNUNET_TIME_absolute_hton (sign_key->valid_until);
@ -261,7 +259,7 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
&sign_key_issue.purpose, &sign_key_issue.purpose,
&sign_key->master_sig.eddsa_signature, &sign_key_issue_sig.eddsa_signature,
&master_key->eddsa_pub)) &master_key->eddsa_pub))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
@ -477,7 +475,7 @@ parse_json_auditor (struct TALER_EXCHANGE_AuditorInformation *auditor,
TALER_amount_hton (&kv.fee_refund, TALER_amount_hton (&kv.fee_refund,
&dk->fee_refund); &dk->fee_refund);
kv.denom_hash = dk->h_key; kv.denom_hash = dk->h_key;
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS, GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_AUDITOR_EXCHANGE_KEYS,
&kv.purpose, &kv.purpose,
@ -527,7 +525,7 @@ decode_keys_json (const json_t *resp_obj,
&sig), &sig),
GNUNET_JSON_spec_fixed_auto ("eddsa_pub", GNUNET_JSON_spec_fixed_auto ("eddsa_pub",
&pub), &pub),
/* sig and pub must be first, as we skip those if /* sig and pub must be first, as we skip those if
check_sig is false! */ check_sig is false! */
GNUNET_JSON_spec_fixed_auto ("master_public_key", GNUNET_JSON_spec_fixed_auto ("master_public_key",
&key_data->master_pub), &key_data->master_pub),
@ -591,11 +589,11 @@ decode_keys_json (const json_t *resp_obj,
NULL, NULL)); NULL, NULL));
/* parse the master public key and issue date of the response */ /* parse the master public key and issue date of the response */
if (check_sig) if (check_sig)
hash_context = GNUNET_CRYPTO_hash_context_start (); hash_context = GNUNET_CRYPTO_hash_context_start ();
else else
hash_context = NULL; hash_context = NULL;
/* parse the signing keys */ /* parse the signing keys */
{ {
json_t *sign_keys_array; json_t *sign_keys_array;
@ -1157,7 +1155,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange,
GNUNET_JSON_spec_end() GNUNET_JSON_spec_end()
}; };
struct TALER_EXCHANGE_Keys key_data; struct TALER_EXCHANGE_Keys key_data;
if (NULL == data) if (NULL == data)
return; return;
if (GNUNET_OK != if (GNUNET_OK !=
@ -1175,7 +1173,7 @@ deserialize_data (struct TALER_EXCHANGE_Handle *exchange,
{ {
GNUNET_break (0); GNUNET_break (0);
return; return;
} }
memset (&key_data, memset (&key_data,
0, 0,
sizeof (struct TALER_EXCHANGE_Keys)); sizeof (struct TALER_EXCHANGE_Keys));
@ -1226,7 +1224,7 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
{ {
const struct TALER_EXCHANGE_SigningPublicKey *sk = &kd->sign_keys[i]; const struct TALER_EXCHANGE_SigningPublicKey *sk = &kd->sign_keys[i];
json_t *signkey; json_t *signkey;
if (now.abs_value_us > sk->valid_until.abs_value_us) if (now.abs_value_us > sk->valid_until.abs_value_us)
continue; /* skip keys that have expired */ continue; /* skip keys that have expired */
signkey = json_pack ("{s:o, s:o, s:o, s:o, s:o}", signkey = json_pack ("{s:o, s:o, s:o, s:o, s:o}",
@ -1247,13 +1245,13 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
} }
json_array_append_new (signkeys, json_array_append_new (signkeys,
signkey); signkey);
} }
denoms = json_array (); denoms = json_array ();
for (unsigned int i=0;i<kd->num_denom_keys;i++) for (unsigned int i=0;i<kd->num_denom_keys;i++)
{ {
const struct TALER_EXCHANGE_DenomPublicKey *dk = &kd->denom_keys[i]; const struct TALER_EXCHANGE_DenomPublicKey *dk = &kd->denom_keys[i];
json_t *denom; json_t *denom;
if (now.abs_value_us > dk->expire_deposit.abs_value_us) if (now.abs_value_us > dk->expire_deposit.abs_value_us)
continue; /* skip keys that have expired */ continue; /* skip keys that have expired */
denom = json_pack ("{s:o, s:o, s:o, s:o, s:o " denom = json_pack ("{s:o, s:o, s:o, s:o, s:o "
@ -1290,13 +1288,13 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
} }
json_array_append_new (denoms, json_array_append_new (denoms,
denom); denom);
} }
auditors = json_array (); auditors = json_array ();
for (unsigned int i=0;i<kd->num_auditors;i++) for (unsigned int i=0;i<kd->num_auditors;i++)
{ {
const struct TALER_EXCHANGE_AuditorInformation *ai = &kd->auditors[i]; const struct TALER_EXCHANGE_AuditorInformation *ai = &kd->auditors[i];
json_t *a; json_t *a;
json_t *adenoms; json_t *adenoms;
adenoms = json_array (); adenoms = json_array ();
for (unsigned int j=0;j<ai->num_denom_keys;j++) for (unsigned int j=0;j<ai->num_denom_keys;j++)
@ -1319,7 +1317,7 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
json_array_append_new (adenoms, json_array_append_new (adenoms,
k); k);
} }
a = json_pack ("{s:s, s:o, s:o}", a = json_pack ("{s:s, s:o, s:o}",
"auditor_pub", "auditor_pub",
GNUNET_JSON_from_data_auto (&ai->auditor_pub), GNUNET_JSON_from_data_auto (&ai->auditor_pub),
@ -1334,11 +1332,11 @@ TALER_EXCHANGE_serialize_data (struct TALER_EXCHANGE_Handle *exchange)
} }
json_array_append_new (auditors, json_array_append_new (auditors,
a); a);
} }
keys = json_pack ("{s:s, s:o, s:o, s:o, s:o" keys = json_pack ("{s:s, s:o, s:o, s:o, s:o"
",s:o, s:o}", ",s:o, s:o}",
/* 1 */ /* 1 */
"version", "version",
kd->version, kd->version,
"master_public_key", "master_public_key",
GNUNET_JSON_from_data_auto (&kd->master_pub), GNUNET_JSON_from_data_auto (&kd->master_pub),
@ -1414,7 +1412,7 @@ TALER_EXCHANGE_connect (struct GNUNET_CURL_Context *ctx,
case TALER_EXCHANGE_OPTION_DATA: case TALER_EXCHANGE_OPTION_DATA:
{ {
const json_t *data = va_arg (ap, const json_t *); const json_t *data = va_arg (ap, const json_t *);
deserialize_data (exchange, deserialize_data (exchange,
data); data);
break; break;

6
src/exchange-tools/taler-exchange-keycheck.c
View File

@ -64,9 +64,7 @@ signkeys_iter (void *cls,
(GNUNET_TIME_absolute_ntoh (ski->issue.start))); (GNUNET_TIME_absolute_ntoh (ski->issue.start)));
if (ntohl (ski->issue.purpose.size) != if (ntohl (ski->issue.purpose.size) !=
(sizeof (struct TALER_ExchangeSigningKeyValidityPS) - (sizeof (struct TALER_ExchangeSigningKeyValidityPS)))
offsetof (struct TALER_ExchangeSigningKeyValidityPS,
purpose)))
{ {
fprintf (stderr, fprintf (stderr,
"Signing key `%s' has invalid purpose size\n", "Signing key `%s' has invalid purpose size\n",
@ -85,7 +83,7 @@ signkeys_iter (void *cls,
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
&ski->issue.purpose, &ski->issue.purpose,
&ski->issue.signature.eddsa_signature, &ski->master_sig.eddsa_signature,
&ski->issue.master_public_key.eddsa_pub)) &ski->issue.master_public_key.eddsa_pub))
{ {
fprintf (stderr, fprintf (stderr,

7
src/exchange-tools/taler-exchange-keyup.c
View File

@ -472,14 +472,11 @@ create_signkey_issue_priv (struct GNUNET_TIME_Absolute start,
GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv, GNUNET_CRYPTO_eddsa_key_get_public (&pi->signkey_priv.eddsa_priv,
&issue->signkey_pub.eddsa_pub); &issue->signkey_pub.eddsa_pub);
issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY); issue->purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY);
issue->purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS) - issue->purpose.size = htonl (sizeof (struct TALER_ExchangeSigningKeyValidityPS));
offsetof (struct TALER_ExchangeSigningKeyValidityPS,
purpose));
GNUNET_assert (GNUNET_OK == GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv, GNUNET_CRYPTO_eddsa_sign (&master_priv.eddsa_priv,
&issue->purpose, &issue->purpose,
&issue->signature.eddsa_signature)); &pi->master_sig.eddsa_signature));
} }

14
src/exchange/taler-exchange-httpd_keystate.c
View File

@ -795,10 +795,12 @@ reload_keys_denom_iter (void *cls,
* Convert the public part of a sign key issue to a JSON object. * Convert the public part of a sign key issue to a JSON object.
* *
* @param ski the sign key issue * @param ski the sign key issue
* @param ski_sig signature over @a ski
* @return a JSON object describing the sign key issue (public part) * @return a JSON object describing the sign key issue (public part)
*/ */
static json_t * static json_t *
sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski) sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski,
struct TALER_MasterSignatureP *ski_sig)
{ {
return return
json_pack ("{s:o, s:o, s:o, s:o, s:o}", json_pack ("{s:o, s:o, s:o, s:o, s:o}",
@ -809,7 +811,7 @@ sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski)
"stamp_end", "stamp_end",
GNUNET_JSON_from_time_abs (GNUNET_TIME_absolute_ntoh (ski->end)), GNUNET_JSON_from_time_abs (GNUNET_TIME_absolute_ntoh (ski->end)),
"master_sig", "master_sig",
GNUNET_JSON_from_data_auto (&ski->signature), GNUNET_JSON_from_data_auto (ski_sig),
"key", "key",
GNUNET_JSON_from_data_auto (&ski->signkey_pub)); GNUNET_JSON_from_data_auto (&ski->signkey_pub));
} }
@ -823,6 +825,7 @@ sign_key_issue_to_json (const struct TALER_ExchangeSigningKeyValidityPS *ski)
* @param cls closure with the `struct ResponseFactoryContext *` * @param cls closure with the `struct ResponseFactoryContext *`
* @param filename name of the file the key came from * @param filename name of the file the key came from
* @param ski the sign key issue * @param ski the sign key issue
* @param ski_sig signature over @a ski
* @return #GNUNET_OK to continue to iterate, * @return #GNUNET_OK to continue to iterate,
* #GNUNET_NO to stop iteration with no error, * #GNUNET_NO to stop iteration with no error,
* #GNUNET_SYSERR to abort iteration with error! * #GNUNET_SYSERR to abort iteration with error!
@ -878,7 +881,8 @@ reload_keys_sign_iter (void *cls,
} }
GNUNET_assert (0 == GNUNET_assert (0 ==
json_array_append_new (rfc->sign_keys_array, json_array_append_new (rfc->sign_keys_array,
sign_key_issue_to_json (&ski->issue))); sign_key_issue_to_json (&ski->issue,
&ski->master_sig)));
return GNUNET_OK; return GNUNET_OK;
} }
@ -1670,7 +1674,7 @@ TEH_KS_acquire_ (const char *location)
(internal_key_state->next_reload.abs_value_us <= now.abs_value_us) ) (internal_key_state->next_reload.abs_value_us <= now.abs_value_us) )
{ {
struct TEH_KS_StateHandle *ks = internal_key_state; struct TEH_KS_StateHandle *ks = internal_key_state;
internal_key_state = NULL; internal_key_state = NULL;
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"KS released in acquire due to expiration\n"); "KS released in acquire due to expiration\n");
@ -1976,7 +1980,7 @@ TEH_KS_free ()
if (NULL != internal_key_state) if (NULL != internal_key_state)
{ {
struct TEH_KS_StateHandle *ks = internal_key_state; struct TEH_KS_StateHandle *ks = internal_key_state;
internal_key_state = NULL; internal_key_state = NULL;
TEH_KS_release (ks); TEH_KS_release (ks);
} }

6
src/include/taler_exchangedb_lib.h
View File

@ -55,10 +55,16 @@ struct TALER_EXCHANGEDB_PrivateSigningKeyInformationP
*/ */
struct TALER_ExchangePrivateKeyP signkey_priv; struct TALER_ExchangePrivateKeyP signkey_priv;
/**
* Signature over @e issue
*/
struct TALER_MasterSignatureP master_sig;
/** /**
* Public information about a exchange signing key. * Public information about a exchange signing key.
*/ */
struct TALER_ExchangeSigningKeyValidityPS issue; struct TALER_ExchangeSigningKeyValidityPS issue;
}; };

7
src/include/taler_signatures.h
View File

@ -607,13 +607,6 @@ struct TALER_RefreshMeltConfirmationPS
*/ */
struct TALER_ExchangeSigningKeyValidityPS struct TALER_ExchangeSigningKeyValidityPS
{ {
/**
* Signature over the signing key (by the master key of the exchange).
*
* FIXME: should be moved outside of the "PS" struct, this is ugly.
* (and makes this struct different from all of the others)
*/
struct TALER_MasterSignatureP signature;
/** /**
* Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY. * Purpose is #TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY.