taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

centralize (most) offline signing/verifying operations into offline_signatures.c

Browse Source
This commit is contained in:
Christian Grothoff 2020-12-04 20:29:18 +01:00
parent 9b290fb26b
commit 6cceb617af
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
24 changed files with 692 additions and 324 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/auditor/taler-auditor-httpd_deposit-confirmation.c
View File

@ -111,10 +111,13 @@ verify_and_execute_deposit_confirmation (
{ {
/* Not in cache, need to verify the signature, persist it, and possibly cache it */ /* Not in cache, need to verify the signature, persist it, and possibly cache it */
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, TALER_exchange_offline_signkey_validity_verify (
&skv, &es->exchange_pub,
&es->master_sig.eddsa_signature, es->ep_start,
&es->master_public_key.eddsa_pub)) es->ep_expire,
es->ep_end,
&es->master_public_key,
&es->master_sig))
{ {
TALER_LOG_WARNING ("Invalid signature on exchange signing key\n"); TALER_LOG_WARNING ("Invalid signature on exchange signing key\n");
return TALER_MHD_reply_with_error (connection, return TALER_MHD_reply_with_error (connection,

26
src/auditor/taler-helper-auditor-aggregation.c
View File

@ -944,25 +944,15 @@ get_wire_fee (struct AggregationContext *ac,
easily make this one up, but it means that we have proof that the master easily make this one up, but it means that we have proof that the master
key was used for inconsistent wire fees if a merchant complains.) */ key was used for inconsistent wire fees if a merchant complains.) */
{ {
struct TALER_MasterWireFeePS wf = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_FEES),
.purpose.size = htonl (sizeof (wf)),
.start_date = GNUNET_TIME_absolute_hton (wfi->start_date),
.end_date = GNUNET_TIME_absolute_hton (wfi->end_date)
};
GNUNET_CRYPTO_hash (method,
strlen (method) + 1,
&wf.h_wire_method);
TALER_amount_hton (&wf.wire_fee,
&wfi->wire_fee);
TALER_amount_hton (&wf.closing_fee,
&wfi->closing_fee);
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_FEES, TALER_exchange_offline_wire_fee_verify (
&wf, method,
&master_sig.eddsa_signature, wfi->start_date,
&TALER_ARL_master_pub.eddsa_pub)) wfi->end_date,
&wfi->wire_fee,
&wfi->closing_fee,
&TALER_ARL_master_pub,
&master_sig))
{ {
report_row_inconsistency ("wire-fee", report_row_inconsistency ("wire-fee",
timestamp.abs_value_us, timestamp.abs_value_us,

16
src/auditor/taler-helper-auditor-coins.c
View File

@ -715,19 +715,11 @@ init_denomination (const struct GNUNET_HashCode *denom_hash,
if (0 < qs) if (0 < qs)
{ {
/* check revocation signature */ /* check revocation signature */
struct TALER_MasterDenominationKeyRevocationPS rm = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
.purpose.size = htonl (sizeof (rm)),
.h_denom_pub = *denom_hash
};
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_denomination_revoke_verify (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED, denom_hash,
&rm, &TALER_ARL_master_pub,
&msig.eddsa_signature, &msig))
&TALER_ARL_master_pub.eddsa_pub))
{ {
report_row_inconsistency ("denomination revocations", report_row_inconsistency ("denomination revocations",
rowid, rowid,

17
src/auditor/taler-helper-auditor-reserves.c
View File

@ -747,20 +747,11 @@ handle_recoup_by_reserve (
} }
else else
{ {
/* verify msig */
struct TALER_MasterDenominationKeyRevocationPS kr = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
.purpose.size = htonl (sizeof (kr)),
.h_denom_pub = coin->denom_pub_hash
};
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_denomination_revoke_verify (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED, &coin->denom_pub_hash,
&kr, &TALER_ARL_master_pub,
&msig.eddsa_signature, &msig))
&TALER_ARL_master_pub.eddsa_pub))
{ {
rev = "master signature invalid"; rev = "master signature invalid";
} }

4
src/exchange-tools/taler-exchange-offline.c
View File

@ -574,7 +574,9 @@ do_revoke_denomination_key (char *const *args)
if (GNUNET_OK != if (GNUNET_OK !=
load_offline_key ()) load_offline_key ())
return; return;
// FIXME: do sign, create master_sig! TALER_exchange_offline_denomination_revoke_sign (&h_denom_pub,
&master_priv,
&master_sig);
output_operation ("revoke-denomination", output_operation ("revoke-denomination",
json_pack ("{s:o, s:o}", json_pack ("{s:o, s:o}",
"h_denom_pub", "h_denom_pub",

18
src/exchange/taler-exchange-httpd_management_denominations_HDP_revoke.c
View File

@ -56,20 +56,11 @@ TEH_handler_management_denominations_HDP_revoke (
if (GNUNET_NO == res) if (GNUNET_NO == res)
return MHD_YES; /* failure */ return MHD_YES; /* failure */
} }
{
struct TALER_MasterDenominationKeyRevocationPS rm = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
.purpose.size = htonl (sizeof (rm)),
.h_denom_pub = *h_denom_pub
};
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_denomination_revoke_verify (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED, h_denom_pub,
&rm, &TEH_master_public_key,
&master_sig.eddsa_signature, &master_sig))
&TEH_master_public_key.eddsa_pub))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return TALER_MHD_reply_with_error ( return TALER_MHD_reply_with_error (
@ -78,7 +69,6 @@ TEH_handler_management_denominations_HDP_revoke (
TALER_EC_EXCHANGE_MANAGEMENT_DENOMINATION_REVOKE_SIGNATURE_INVALID, TALER_EC_EXCHANGE_MANAGEMENT_DENOMINATION_REVOKE_SIGNATURE_INVALID,
NULL); NULL);
} }
}
qs = TEH_plugin->insert_denomination_revocation (TEH_plugin->cls, qs = TEH_plugin->insert_denomination_revocation (TEH_plugin->cls,
NULL, NULL,
h_denom_pub, h_denom_pub,

24
src/exchange/taler-exchange-httpd_management_post_keys.c
View File

@ -269,23 +269,15 @@ add_keys (void *cls,
/* check signature is valid */ /* check signature is valid */
{ {
struct TALER_ExchangeSigningKeyValidityPS skv = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
.purpose.size = htonl (sizeof (skv)),
.master_public_key = TEH_master_public_key,
.start = x,
.expire = y,
.end = z,
.signkey_pub = akc->s_sigs[i].exchange_pub
};
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_signkey_validity_verify (
TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, &akc->s_sigs[i].exchange_pub,
&skv, x,
&akc->s_sigs[i].master_sig.eddsa_signature, y,
&TEH_master_public_key.eddsa_pub)) z,
&TEH_master_public_key,
&
& akc->s_sigs[i].master_sig))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return TALER_MHD_reply_with_error ( return TALER_MHD_reply_with_error (

17
src/exchange/taler-exchange-httpd_management_signkey_EP_revoke.c
View File

@ -56,20 +56,10 @@ TEH_handler_management_signkeys_EP_revoke (
if (GNUNET_NO == res) if (GNUNET_NO == res)
return MHD_YES; /* failure */ return MHD_YES; /* failure */
} }
{
struct TALER_MasterSigningKeyRevocationPS rm = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED),
.purpose.size = htonl (sizeof (rm)),
.exchange_pub = *exchange_pub
};
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_signkey_revoke_verify (exchange_pub,
TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED, &TEH_master_public_key,
&rm, &master_sig))
&master_sig.eddsa_signature,
&TEH_master_public_key.eddsa_pub))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return TALER_MHD_reply_with_error ( return TALER_MHD_reply_with_error (
@ -78,7 +68,6 @@ TEH_handler_management_signkeys_EP_revoke (
TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID, TALER_EC_EXCHANGE_MANAGEMENT_SIGNKEY_REVOKE_SIGNATURE_INVALID,
NULL); NULL);
} }
}
qs = TEH_plugin->insert_signkey_revocation (TEH_plugin->cls, qs = TEH_plugin->insert_signkey_revocation (TEH_plugin->cls,
NULL, NULL,
exchange_pub, exchange_pub,

19
src/exchange/taler-exchange-httpd_management_wire.c
View File

@ -168,21 +168,11 @@ TEH_handler_management_denominations_wire (
if (GNUNET_NO == res) if (GNUNET_NO == res)
return MHD_YES; /* failure */ return MHD_YES; /* failure */
} }
{
struct TALER_MasterAddWirePS aw = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_WIRE),
.purpose.size = htonl (sizeof (aw)),
.start_date = GNUNET_TIME_absolute_hton (awc.validity_start),
};
TALER_exchange_wire_signature_hash (awc.payto_uri,
&aw.h_wire);
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_wire_add_verify (awc.payto_uri,
TALER_SIGNATURE_MASTER_ADD_WIRE, awc.validity_start,
&aw, &TEH_master_public_key,
&awc.master_sig_add.eddsa_signature, &awc.master_sig_add))
&TEH_master_public_key.eddsa_pub))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return TALER_MHD_reply_with_error ( return TALER_MHD_reply_with_error (
@ -191,7 +181,6 @@ TEH_handler_management_denominations_wire (
TALER_EC_EXCHANGE_MANAGEMENT_WIRE_ADD_SIGNATURE_INVALID, TALER_EC_EXCHANGE_MANAGEMENT_WIRE_ADD_SIGNATURE_INVALID,
NULL); NULL);
} }
}
if (GNUNET_OK != if (GNUNET_OK !=
TALER_exchange_wire_signature_check (awc.payto_uri, TALER_exchange_wire_signature_check (awc.payto_uri,
&TEH_master_public_key, &TEH_master_public_key,

21
src/exchange/taler-exchange-httpd_management_wire_disable.c
View File

@ -161,22 +161,12 @@ TEH_handler_management_denominations_wire_disable (
if (GNUNET_NO == res) if (GNUNET_NO == res)
return MHD_YES; /* failure */ return MHD_YES; /* failure */
} }
{
struct TALER_MasterDelWirePS aw = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_DEL_WIRE),
.purpose.size = htonl (sizeof (aw)),
.end_date = GNUNET_TIME_absolute_hton (awc.validity_end),
};
TALER_exchange_wire_signature_hash (awc.payto_uri,
&aw.h_wire);
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_wire_del_verify (
TALER_SIGNATURE_MASTER_DEL_WIRE, awc.payto_uri,
&aw, awc.validity_end,
&awc.master_sig.eddsa_signature, &TEH_master_public_key,
&TEH_master_public_key.eddsa_pub)) &awc.master_sig))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return TALER_MHD_reply_with_error ( return TALER_MHD_reply_with_error (
@ -185,7 +175,6 @@ TEH_handler_management_denominations_wire_disable (
TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DEL_SIGNATURE_INVALID, TALER_EC_EXCHANGE_MANAGEMENT_WIRE_DEL_SIGNATURE_INVALID,
NULL); NULL);
} }
}
qs = TEH_DB_run_transaction (connection, qs = TEH_DB_run_transaction (connection,
"del wire", "del wire",
&ret, &ret,

29
src/exchange/taler-exchange-httpd_management_wire_fees.c
View File

@ -221,27 +221,15 @@ TEH_handler_management_post_wire_fees (
TEH_currency); TEH_currency);
} }
{
struct TALER_MasterWireFeePS wf = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_FEES),
.purpose.size = htonl (sizeof (wf)),
.start_date = GNUNET_TIME_absolute_hton (afc.start_time),
.end_date = GNUNET_TIME_absolute_hton (afc.end_time),
};
TALER_amount_hton (&wf.wire_fee,
&afc.wire_fee);
TALER_amount_hton (&wf.closing_fee,
&afc.closing_fee);
GNUNET_CRYPTO_hash (afc.wire_method,
strlen (afc.wire_method) + 1,
&wf.h_wire_method);
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_wire_fee_verify (
TALER_SIGNATURE_MASTER_WIRE_FEES, afc.wire_method,
&wf, afc.start_time,
&afc.master_sig.eddsa_signature, afc.end_time,
&TEH_master_public_key.eddsa_pub)) &afc.wire_fee,
&afc.closing_fee,
&TEH_master_public_key,
&afc.master_sig))
{ {
/* signature invalid */ /* signature invalid */
GNUNET_break_op (0); GNUNET_break_op (0);
@ -251,7 +239,6 @@ TEH_handler_management_post_wire_fees (
TALER_EC_EXCHANGE_MANAGEMENT_WIRE_FEE_SIGNATURE_INVALID, TALER_EC_EXCHANGE_MANAGEMENT_WIRE_FEE_SIGNATURE_INVALID,
NULL); NULL);
} }
}
qs = TEH_DB_run_transaction (connection, qs = TEH_DB_run_transaction (connection,
"add wire fee", "add wire fee",

38
src/exchangedb/exchangedb_denomkeys.c
View File

@ -22,6 +22,7 @@
* @author Christian Grothoff * @author Christian Grothoff
*/ */
#include "platform.h" #include "platform.h"
#include "taler_crypto_lib.h"
#include "taler_exchangedb_lib.h" #include "taler_exchangedb_lib.h"
@ -67,18 +68,9 @@ TALER_EXCHANGEDB_denomination_key_revoke (
int ret; int ret;
struct RevocationFileP rd; struct RevocationFileP rd;
{ TALER_exchange_offline_denomination_revoke_sign (denom_hash,
struct TALER_MasterDenominationKeyRevocationPS rm = { mpriv,
.purpose.purpose = htonl ( &rd.msig);
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
.purpose.size = htonl (sizeof (rm)),
.h_denom_pub = *denom_hash
};
GNUNET_CRYPTO_eddsa_sign (&mpriv->eddsa_priv,
&rm,
&rd.msig.eddsa_signature);
}
GNUNET_asprintf (&fn, GNUNET_asprintf (&fn,
"%s" DIR_SEPARATOR_STR "%s" DIR_SEPARATOR_STR
"%s.rev", "%s.rev",
@ -464,20 +456,11 @@ revocations_iterate_cb (void *cls,
return GNUNET_OK; return GNUNET_OK;
} }
{
struct TALER_MasterDenominationKeyRevocationPS rm = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
.purpose.size = htonl (sizeof (rm)),
.h_denom_pub = rf.denom_hash
};
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify ( TALER_exchange_offline_denomination_revoke_verify (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED, &rf.denom_hash,
&rm, ric->master_pub,
&rf.msig.eddsa_signature, &rf.msig))
&ric->master_pub->eddsa_pub))
{ {
GNUNET_log (GNUNET_ERROR_TYPE_ERROR, GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Invalid revocation file `%s' found and ignored (bad signature)\n", "Invalid revocation file `%s' found and ignored (bad signature)\n",
@ -487,11 +470,10 @@ revocations_iterate_cb (void *cls,
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"Denomination key `%s' was revoked!\n", "Denomination key `%s' was revoked!\n",
GNUNET_h2s (&rm.h_denom_pub)); GNUNET_h2s (&rf.denom_hash));
return ric->it (ric->it_cls, return ric->it (ric->it_cls,
&rm.h_denom_pub, &rf.denom_hash,
&rf.msig); &rf.msig);
}
} }

214
src/include/taler_crypto_lib.h
View File

@ -1050,9 +1050,221 @@ TALER_CRYPTO_helper_esign_disconnect (
struct TALER_CRYPTO_ExchangeSignHelper *esh); struct TALER_CRYPTO_ExchangeSignHelper *esh);
/* ********************* offline signing ************************** */
/**
* Create denomination revocation signature.
*
* @param h_denom_pub hash of public denomination key to revoke
* @param master_priv private key to sign with
* @param[out] master_sig where to write the signature
*/
void
TALER_exchange_offline_denomination_revoke_sign (
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig);
/**
* Verify denomination revocation signature.
*
* @param h_denom_pub hash of public denomination key to revoke
* @param master_pub public key to verify against
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
int
TALER_exchange_offline_denomination_revoke_verify (
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig);
/**
* Create signkey revocation signature.
*
* @param exchange_pub public signing key to revoke
* @param master_priv private key to sign with
* @param[out] master_sig where to write the signature
*/
void
TALER_exchange_offline_signkey_revoke_sign (
const struct TALER_ExchangePublicKeyP *exchange_pub,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig);
/**
* Verify signkey revocation signature.
*
* @param exchange_pub public signkey key to revoke
* @param master_pub public key to verify against
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
int
TALER_exchange_offline_signkey_revoke_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig);
/**
* Create signkey validity signature.
*
* @param exchange_pub public signing key to validate
* @param start_sign starting point of validity for signing
* @param end_sign end point (exclusive) for validity for signing
* @param end_legal legal end point of signature validity
* @param master_priv private key to sign with
* @param[out] master_sig where to write the signature
*/
void
TALER_exchange_offline_signkey_validity_sign (
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct GNUNET_TIME_Absolute start_sign,
struct GNUNET_TIME_Absolute end_sign,
struct GNUNET_TIME_Absolute end_legal,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig);
/**
* Verify signkey validitity signature.
*
* @param exchange_pub public signkey key to validate
* @param start_sign starting point of validity for signing
* @param end_sign end point (exclusive) for validity for signing
* @param end_legal legal end point of signature validity
* @param master_pub public key to verify against
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
int
TALER_exchange_offline_signkey_validity_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct GNUNET_TIME_Absolute start_sign,
struct GNUNET_TIME_Absolute end_sign,
struct GNUNET_TIME_Absolute end_legal,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig);
/* **************** /wire account offline signing **************** */ /* **************** /wire account offline signing **************** */
/**
* Create wire fee signature.
*
* @param payment_method the payment method
* @param start_time when do the fees start to apply
* @param end_time when do the fees start to apply
* @param wire_fee the wire fee
* @param closing_fee the closing fee
* @param master_priv private key to sign with
* @param[out] master_sig where to write the signature
*/
void
TALER_exchange_offline_wire_fee_sign (
const char *payment_method,
struct GNUNET_TIME_Absolute start_time,
struct GNUNET_TIME_Absolute end_time,
const struct TALER_Amount *wire_fee,
const struct TALER_Amount *closing_fee,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig);
/**
* Verify wire fee signature.
*
* @param payment_method the payment method
* @param start_time when do the fees start to apply
* @param end_time when do the fees start to apply
* @param wire_fee the wire fee
* @param closing_fee the closing fee
* @param master_pub public key to verify against
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
int
TALER_exchange_offline_wire_fee_verify (
const char *payment_method,
struct GNUNET_TIME_Absolute start_time,
struct GNUNET_TIME_Absolute end_time,
const struct TALER_Amount *wire_fee,
const struct TALER_Amount *closing_fee,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig);
/**
* Create wire account addition signature.
*
* @param payto_uri bank account
* @param now timestamp to use for the signature (rounded)
* @param master_priv private key to sign with
* @param[out] master_sig where to write the signature
*/
void
TALER_exchange_offline_wire_add_sign (
const char *payto_uri,
struct GNUNET_TIME_Absolute now,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig);
/**
* Verify wire account addition signature.
*
* @param payto_uri bank account
* @param sign_time timestamp when signature was created
* @param master_pub public key to verify against
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
int
TALER_exchange_offline_wire_add_verify (
const char *payto_uri,
struct GNUNET_TIME_Absolute sign_time,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig);
/**
* Create wire account removal signature.
*
* @param payto_uri bank account
* @param now timestamp to use for the signature (rounded)
* @param master_priv private key to sign with
* @param[out] master_sig where to write the signature
*/
void
TALER_exchange_offline_wire_del_sign (
const char *payto_uri,
struct GNUNET_TIME_Absolute now,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig);
/**
* Verify wire account deletion signature.
*
* @param payto_uri bank account
* @param sign_time timestamp when signature was created
* @param master_pub public key to verify against
* @param master_sig the signature the signature
* @return #GNUNET_OK if the signature is valid
*/
int
TALER_exchange_offline_wire_del_verify (
const char *payto_uri,
struct GNUNET_TIME_Absolute sign_time,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig);
/** /**
* Compute the hash of the given wire details. The resulting * Compute the hash of the given wire details. The resulting
* hash is what is signed by the master key. * hash is what is signed by the master key.
@ -1068,7 +1280,7 @@ TALER_exchange_wire_signature_hash (const char *payto_uri,
/** /**
* Check the signature in @a master_sig. * Check the signature in @a master_sig.
* *
* @param payto_uri URL that is signed * @param payto_uri URI that is signed
* @param master_pub master public key of the exchange * @param master_pub master public key of the exchange
* @param master_sig signature of the exchange * @param master_sig signature of the exchange
* @return #GNUNET_OK if signature is valid * @return #GNUNET_OK if signature is valid

23
src/lib/auditor_api_deposit_confirmation.c
View File

@ -208,28 +208,19 @@ verify_signatures (const struct GNUNET_HashCode *h_wire,
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
} }
{
struct TALER_ExchangeSigningKeyValidityPS sv = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
.purpose.size = htonl (sizeof (sv)),
.master_public_key = *master_pub,
.start = GNUNET_TIME_absolute_hton (ep_start),
.expire = GNUNET_TIME_absolute_hton (ep_expire),
.end = GNUNET_TIME_absolute_hton (ep_end),
.signkey_pub = *exchange_pub
};
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, TALER_exchange_offline_signkey_validity_verify (
&sv, exchange_pub,
&master_sig->eddsa_signature, ep_start,
&master_pub->eddsa_pub)) ep_expire,
ep_end,
master_pub,
master_sig))
{ {
GNUNET_break (0); GNUNET_break (0);
TALER_LOG_WARNING ("Invalid signature on exchange signing key!\n"); TALER_LOG_WARNING ("Invalid signature on exchange signing key!\n");
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
}
if (0 == GNUNET_TIME_absolute_get_remaining (ep_end).rel_value_us) if (0 == GNUNET_TIME_absolute_get_remaining (ep_end).rel_value_us)
{ {
GNUNET_break (0); GNUNET_break (0);

23
src/lib/exchange_api_handle.c
View File

@ -394,27 +394,18 @@ parse_json_signkey (struct TALER_EXCHANGE_SigningPublicKey *sign_key,
if (! check_sigs) if (! check_sigs)
return GNUNET_OK; return GNUNET_OK;
{
struct TALER_ExchangeSigningKeyValidityPS sign_key_issue = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
.purpose.size = htonl (sizeof (sign_key_issue)),
.signkey_pub = sign_key->key,
.master_public_key = *master_key,
.start = GNUNET_TIME_absolute_hton (sign_key->valid_from),
.expire = GNUNET_TIME_absolute_hton (sign_key->valid_until),
.end = GNUNET_TIME_absolute_hton (sign_key->valid_legal)
};
if (GNUNET_OK != if (GNUNET_OK !=
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY, TALER_exchange_offline_signkey_validity_verify
&sign_key_issue, (&sign_key->key,
&sign_key_issue_sig.eddsa_signature, sign_key->valid_from,
&master_key->eddsa_pub)) sign_key->valid_until,
sign_key->valid_legal,
master_key,
&sign_key_issue_sig))
{ {
GNUNET_break_op (0); GNUNET_break_op (0);
return GNUNET_SYSERR; return GNUNET_SYSERR;
} }
}
sign_key->master_sig = sign_key_issue_sig; sign_key->master_sig = sign_key_issue_sig;
return GNUNET_OK; return GNUNET_OK;
} }

13
src/testing/testing_api_cmd_revoke_denom_key.c
View File

@ -187,16 +187,9 @@ revoke_run (void *cls,
} }
else else
{ {
struct TALER_MasterDenominationKeyRevocationPS kv = { TALER_exchange_offline_denomination_revoke_sign (&denom_pub->h_key,
.purpose.purpose = htonl ( &is->master_priv,
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED), &master_sig);
.purpose.size = htonl (sizeof (kv)),
.h_denom_pub = denom_pub->h_key
};
GNUNET_CRYPTO_eddsa_sign (&is->master_priv.eddsa_priv,
&kv,
&master_sig.eddsa_signature);
} }
rs->kh = TALER_EXCHANGE_management_revoke_denomination_key ( rs->kh = TALER_EXCHANGE_management_revoke_denomination_key (
is->ctx, is->ctx,

13
src/testing/testing_api_cmd_revoke_sign_key.c
View File

@ -187,16 +187,9 @@ revoke_run (void *cls,
} }
else else
{ {
struct TALER_MasterSigningKeyRevocationPS kv = { TALER_exchange_offline_signkey_revoke_sign (exchange_pub,
.purpose.purpose = htonl ( &is->master_priv,
TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED), &master_sig);
.purpose.size = htonl (sizeof (kv)),
.exchange_pub = *exchange_pub
};
GNUNET_CRYPTO_eddsa_sign (&is->master_priv.eddsa_priv,
&kv,
&master_sig.eddsa_signature);
} }
rs->kh = TALER_EXCHANGE_management_revoke_signing_key ( rs->kh = TALER_EXCHANGE_management_revoke_signing_key (
is->ctx, is->ctx,

24
src/testing/testing_api_cmd_set_wire_fee.c
View File

@ -152,23 +152,13 @@ wire_add_run (void *cls,
} }
else else
{ {
struct TALER_MasterWireFeePS kv = { TALER_exchange_offline_wire_fee_sign (ds->wire_method,
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_FEES), start_time,
.purpose.size = htonl (sizeof (kv)), end_time,
.start_date = GNUNET_TIME_absolute_hton (start_time), &wire_fee,
.end_date = GNUNET_TIME_absolute_hton (end_time), &closing_fee,
}; &is->master_priv,
&master_sig);
GNUNET_CRYPTO_hash (ds->wire_method,
strlen (ds->wire_method) + 1,
&kv.h_wire_method);
TALER_amount_hton (&kv.wire_fee,
&wire_fee);
TALER_amount_hton (&kv.closing_fee,
&closing_fee);
GNUNET_CRYPTO_eddsa_sign (&is->master_priv.eddsa_priv,
&kv,
&master_sig.eddsa_signature);
} }
ds->dh = TALER_EXCHANGE_management_set_wire_fees ( ds->dh = TALER_EXCHANGE_management_set_wire_fees (
is->ctx, is->ctx,

15
src/testing/testing_api_cmd_wire_add.c
View File

@ -126,17 +126,10 @@ wire_add_run (void *cls,
} }
else else
{ {
struct TALER_MasterAddWirePS kv = { TALER_exchange_offline_wire_add_sign (ds->payto_uri,
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_WIRE), now,
.purpose.size = htonl (sizeof (kv)), &is->master_priv,
.start_date = GNUNET_TIME_absolute_hton (now), &master_sig1);
};
TALER_exchange_wire_signature_hash (ds->payto_uri,
&kv.h_wire);
GNUNET_CRYPTO_eddsa_sign (&is->master_priv.eddsa_priv,
&kv,
&master_sig1.eddsa_signature);
TALER_exchange_wire_signature_make (ds->payto_uri, TALER_exchange_wire_signature_make (ds->payto_uri,
&is->master_priv, &is->master_priv,
&master_sig2); &master_sig2);

15
src/testing/testing_api_cmd_wire_del.c
View File

@ -122,17 +122,10 @@ wire_del_run (void *cls,
} }
else else
{ {
struct TALER_MasterDelWirePS kv = { TALER_exchange_offline_wire_del_sign (ds->payto_uri,
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DEL_WIRE), now,
.purpose.size = htonl (sizeof (kv)), &is->master_priv,
.end_date = GNUNET_TIME_absolute_hton (now), &master_sig);
};
TALER_exchange_wire_signature_hash (ds->payto_uri,
&kv.h_wire);
GNUNET_CRYPTO_eddsa_sign (&is->master_priv.eddsa_priv,
&kv,
&master_sig.eddsa_signature);
} }
ds->dh = TALER_EXCHANGE_management_disable_wire ( ds->dh = TALER_EXCHANGE_management_disable_wire (
is->ctx, is->ctx,

1
src/util/Makefile.am
View File

@ -68,6 +68,7 @@ libtalerutil_la_SOURCES = \
getopt.c \ getopt.c \
lang.c \ lang.c \
mhd.c \ mhd.c \
offline_signatures.c \
payto.c \ payto.c \
taler_error_codes.c \ taler_error_codes.c \
url.c \ url.c \

314
src/util/offline_signatures.c Normal file
View File

@ -0,0 +1,314 @@
/*
This file is part of TALER
Copyright (C) 2020 Taler Systems SA
TALER is free software; you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation; either version 3, or (at your option) any later version.
TALER is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with
TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
*/
/**
* @file offline_signatures.c
* @brief Utility functions for Taler exchange offline signatures
* @author Christian Grothoff
*/
#include "platform.h"
#include "taler_util.h"
#include "taler_signatures.h"
void
TALER_exchange_offline_denomination_revoke_sign (
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterDenominationKeyRevocationPS rm = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
.purpose.size = htonl (sizeof (rm)),
.h_denom_pub = *h_denom_pub
};
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&rm,
&master_sig->eddsa_signature);
}
int
TALER_exchange_offline_denomination_revoke_verify (
const struct GNUNET_HashCode *h_denom_pub,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterDenominationKeyRevocationPS kr = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED),
.purpose.size = htonl (sizeof (kr)),
.h_denom_pub = *h_denom_pub
};
return GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_MASTER_DENOMINATION_KEY_REVOKED,
&kr,
&master_sig->eddsa_signature,
&master_pub->eddsa_pub);
}
void
TALER_exchange_offline_signkey_revoke_sign (
const struct TALER_ExchangePublicKeyP *exchange_pub,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterSigningKeyRevocationPS kv = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED),
.purpose.size = htonl (sizeof (kv)),
.exchange_pub = *exchange_pub
};
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&kv,
&master_sig->eddsa_signature);
}
int
TALER_exchange_offline_signkey_revoke_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterSigningKeyRevocationPS rm = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED),
.purpose.size = htonl (sizeof (rm)),
.exchange_pub = *exchange_pub
};
return GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_MASTER_SIGNING_KEY_REVOKED,
&rm,
&master_sig->eddsa_signature,
&master_pub->eddsa_pub);
}
void
TALER_exchange_offline_signkey_validity_sign (
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct GNUNET_TIME_Absolute start_sign,
struct GNUNET_TIME_Absolute end_sign,
struct GNUNET_TIME_Absolute end_legal,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig)
{
struct TALER_ExchangeSigningKeyValidityPS skv = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
.purpose.size = htonl (sizeof (skv)),
.start = GNUNET_TIME_absolute_hton (start_sign),
.expire = GNUNET_TIME_absolute_hton (end_sign),
.end = GNUNET_TIME_absolute_hton (end_legal),
.signkey_pub = *exchange_pub
};
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&skv,
&master_sig->eddsa_signature);
}
int
TALER_exchange_offline_signkey_validity_verify (
const struct TALER_ExchangePublicKeyP *exchange_pub,
struct GNUNET_TIME_Absolute start_sign,
struct GNUNET_TIME_Absolute end_sign,
struct GNUNET_TIME_Absolute end_legal,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_ExchangeSigningKeyValidityPS skv = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY),
.purpose.size = htonl (sizeof (skv)),
.start = GNUNET_TIME_absolute_hton (start_sign),
.expire = GNUNET_TIME_absolute_hton (end_sign),
.end = GNUNET_TIME_absolute_hton (end_legal),
.signkey_pub = *exchange_pub
};
return
GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_MASTER_SIGNING_KEY_VALIDITY,
&skv,
&master_sig->eddsa_signature,
&master_pub->eddsa_pub);
}
void
TALER_exchange_offline_wire_add_sign (
const char *payto_uri,
struct GNUNET_TIME_Absolute now,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterAddWirePS kv = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_WIRE),
.purpose.size = htonl (sizeof (kv)),
.start_date = GNUNET_TIME_absolute_hton (now),
};
GNUNET_assert (GNUNET_OK ==
GNUNET_TIME_round_abs (&now));
TALER_exchange_wire_signature_hash (payto_uri,
&kv.h_wire);
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&kv,
&master_sig->eddsa_signature);
}
int
TALER_exchange_offline_wire_add_verify (
const char *payto_uri,
struct GNUNET_TIME_Absolute sign_time,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterAddWirePS aw = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_ADD_WIRE),
.purpose.size = htonl (sizeof (aw)),
.start_date = GNUNET_TIME_absolute_hton (sign_time),
};
TALER_exchange_wire_signature_hash (payto_uri,
&aw.h_wire);
return
GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_MASTER_ADD_WIRE,
&aw,
&master_sig->eddsa_signature,
&master_pub->eddsa_pub);
}
void
TALER_exchange_offline_wire_del_sign (
const char *payto_uri,
struct GNUNET_TIME_Absolute now,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterDelWirePS kv = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_DEL_WIRE),
.purpose.size = htonl (sizeof (kv)),
.end_date = GNUNET_TIME_absolute_hton (now),
};
GNUNET_assert (GNUNET_OK ==
GNUNET_TIME_round_abs (&now));
TALER_exchange_wire_signature_hash (payto_uri,
&kv.h_wire);
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&kv,
&master_sig->eddsa_signature);
}
int
TALER_exchange_offline_wire_del_verify (
const char *payto_uri,
struct GNUNET_TIME_Absolute sign_time,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterDelWirePS aw = {
.purpose.purpose = htonl (
TALER_SIGNATURE_MASTER_DEL_WIRE),
.purpose.size = htonl (sizeof (aw)),
.end_date = GNUNET_TIME_absolute_hton (sign_time),
};
TALER_exchange_wire_signature_hash (payto_uri,
&aw.h_wire);
return GNUNET_CRYPTO_eddsa_verify (
TALER_SIGNATURE_MASTER_DEL_WIRE,
&aw,
&master_sig->eddsa_signature,
&master_pub->eddsa_pub);
}
void
TALER_exchange_offline_wire_fee_sign (
const char *payment_method,
struct GNUNET_TIME_Absolute start_time,
struct GNUNET_TIME_Absolute end_time,
const struct TALER_Amount *wire_fee,
const struct TALER_Amount *closing_fee,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterWireFeePS kv = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_FEES),
.purpose.size = htonl (sizeof (kv)),
.start_date = GNUNET_TIME_absolute_hton (start_time),
.end_date = GNUNET_TIME_absolute_hton (end_time),
};
GNUNET_CRYPTO_hash (payment_method,
strlen (payment_method) + 1,
&kv.h_wire_method);
TALER_amount_hton (&kv.wire_fee,
wire_fee);
TALER_amount_hton (&kv.closing_fee,
closing_fee);
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&kv,
&master_sig->eddsa_signature);
}
int
TALER_exchange_offline_wire_fee_verify (
const char *payment_method,
struct GNUNET_TIME_Absolute start_time,
struct GNUNET_TIME_Absolute end_time,
const struct TALER_Amount *wire_fee,
const struct TALER_Amount *closing_fee,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterWireFeePS wf = {
.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_FEES),
.purpose.size = htonl (sizeof (wf)),
.start_date = GNUNET_TIME_absolute_hton (start_time),
.end_date = GNUNET_TIME_absolute_hton (end_time)
};
GNUNET_CRYPTO_hash (payment_method,
strlen (payment_method) + 1,
&wf.h_wire_method);
TALER_amount_hton (&wf.wire_fee,
wire_fee);
TALER_amount_hton (&wf.closing_fee,
closing_fee);
return
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_FEES,
&wf,
&master_sig->eddsa_signature,
&master_pub->eddsa_pub);
}
/* end of offline_signatures.c */

1
src/util/payto.c
View File

@ -67,6 +67,7 @@ TALER_payto_get_subject (const char *payto_uri)
return NULL; return NULL;
} }
/** /**
* Obtain the payment method from a @a payto_uri. The * Obtain the payment method from a @a payto_uri. The
* format of a payto URI is 'payto://$METHOD/$SOMETHING'. * format of a payto URI is 'payto://$METHOD/$SOMETHING'.