generate /keys signature as binary-only
This commit is contained in:
Christian Grothoff
parent
3bb26bcf47
commit
6e070416c3
@ -300,6 +300,17 @@ void
|
|||||||
TALER_MINT_disconnect (struct TALER_MINT_Handle *mint);
|
TALER_MINT_disconnect (struct TALER_MINT_Handle *mint);
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Obtain the current signing key from the mint.
|
||||||
|
*
|
||||||
|
* @param keys the mint's key set
|
||||||
|
* @return sk current online signing key for the mint, NULL on error
|
||||||
|
*/
|
||||||
|
const struct TALER_MintPublicKeyP *
|
||||||
|
TALER_MINT_get_signing_key (struct TALER_MINT_Keys *keys);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#if 0
|
#if 0
|
||||||
|
|
||||||
// FIXME: API below with json-crap is too low-level...
|
// FIXME: API below with json-crap is too low-level...
|
||||||
|
|||||||
@ -308,13 +308,15 @@ parse_json_signkey (struct TALER_MINT_SigningPublicKey *sign_key,
|
|||||||
* @param[out] denom_key where to return the result
|
* @param[out] denom_key where to return the result
|
||||||
* @param[in] denom_key_obj json to parse
|
* @param[in] denom_key_obj json to parse
|
||||||
* @param master_key master key to use to verify signature
|
* @param master_key master key to use to verify signature
|
||||||
|
* @param hash_context where to accumulate data for signature verification
|
||||||
* @return #GNUNET_OK if all is fine, #GNUNET_SYSERR if the signature is
|
* @return #GNUNET_OK if all is fine, #GNUNET_SYSERR if the signature is
|
||||||
* invalid or the json malformed.
|
* invalid or the json malformed.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
parse_json_denomkey (struct TALER_MINT_DenomPublicKey *denom_key,
|
parse_json_denomkey (struct TALER_MINT_DenomPublicKey *denom_key,
|
||||||
json_t *denom_key_obj,
|
json_t *denom_key_obj,
|
||||||
struct TALER_MasterPublicKeyP *master_key)
|
struct TALER_MasterPublicKeyP *master_key,
|
||||||
|
struct GNUNET_HashContext *hash_context)
|
||||||
{
|
{
|
||||||
struct GNUNET_TIME_Absolute valid_from;
|
struct GNUNET_TIME_Absolute valid_from;
|
||||||
struct GNUNET_TIME_Absolute withdraw_valid_until;
|
struct GNUNET_TIME_Absolute withdraw_valid_until;
|
||||||
@ -387,6 +389,9 @@ parse_json_denomkey (struct TALER_MINT_DenomPublicKey *denom_key,
|
|||||||
&denom_key_issue.purpose,
|
&denom_key_issue.purpose,
|
||||||
&sig,
|
&sig,
|
||||||
&master_key->eddsa_pub));
|
&master_key->eddsa_pub));
|
||||||
|
GNUNET_CRYPTO_hash_context_read (hash_context,
|
||||||
|
&denom_key_issue.denom_hash,
|
||||||
|
sizeof (struct GNUNET_HashCode));
|
||||||
denom_key->key.rsa_public_key = pk;
|
denom_key->key.rsa_public_key = pk;
|
||||||
denom_key->valid_from = valid_from;
|
denom_key->valid_from = valid_from;
|
||||||
denom_key->withdraw_valid_until = withdraw_valid_until;
|
denom_key->withdraw_valid_until = withdraw_valid_until;
|
||||||
@ -416,15 +421,22 @@ decode_keys_json (json_t *resp_obj,
|
|||||||
struct TALER_MINT_Keys *key_data)
|
struct TALER_MINT_Keys *key_data)
|
||||||
{
|
{
|
||||||
struct GNUNET_TIME_Absolute list_issue_date;
|
struct GNUNET_TIME_Absolute list_issue_date;
|
||||||
|
struct TALER_MintSignatureP sig;
|
||||||
|
struct TALER_MintKeySetPS ks;
|
||||||
|
struct GNUNET_HashContext *hash_context;
|
||||||
|
const struct TALER_MintPublicKeyP *pub;
|
||||||
|
|
||||||
if (JSON_OBJECT != json_typeof (resp_obj))
|
if (JSON_OBJECT != json_typeof (resp_obj))
|
||||||
return GNUNET_SYSERR;
|
return GNUNET_SYSERR;
|
||||||
|
|
||||||
|
hash_context = GNUNET_CRYPTO_hash_context_start ();
|
||||||
/* parse the master public key and issue date of the response */
|
/* parse the master public key and issue date of the response */
|
||||||
{
|
{
|
||||||
struct MAJ_Specification spec[] = {
|
struct MAJ_Specification spec[] = {
|
||||||
MAJ_spec_fixed_auto ("master_public_key",
|
MAJ_spec_fixed_auto ("master_public_key",
|
||||||
&key_data->master_pub),
|
&key_data->master_pub),
|
||||||
|
MAJ_spec_fixed_auto ("eddsa_sig",
|
||||||
|
&sig),
|
||||||
MAJ_spec_absolute_time ("list_issue_date",
|
MAJ_spec_absolute_time ("list_issue_date",
|
||||||
&list_issue_date),
|
&list_issue_date),
|
||||||
MAJ_spec_end
|
MAJ_spec_end
|
||||||
@ -476,19 +488,34 @@ decode_keys_json (json_t *resp_obj,
|
|||||||
EXITIF (GNUNET_SYSERR ==
|
EXITIF (GNUNET_SYSERR ==
|
||||||
parse_json_denomkey (&key_data->denom_keys[index],
|
parse_json_denomkey (&key_data->denom_keys[index],
|
||||||
denom_key_obj,
|
denom_key_obj,
|
||||||
&key_data->master_pub));
|
&key_data->master_pub,
|
||||||
|
hash_context));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return GNUNET_OK;
|
return GNUNET_OK;
|
||||||
|
|
||||||
/* FIXME: parse the auditor keys */
|
/* FIXME: parse the auditor keys (#3847) */
|
||||||
|
|
||||||
/* FIXME: parse 'eddsa_sig' */
|
/* Validate signature... */
|
||||||
|
ks.purpose.size = htonl (sizeof (ks));
|
||||||
/* FIXME: validate signature... */
|
ks.purpose.purpose = htonl (TALER_SIGNATURE_MINT_KEY_SET);
|
||||||
|
ks.list_issue_date = GNUNET_TIME_absolute_hton (list_issue_date);
|
||||||
EXITIF_exit:
|
GNUNET_CRYPTO_hash_context_finish (hash_context,
|
||||||
|
&ks.hc);
|
||||||
|
hash_context = NULL;
|
||||||
|
pub = TALER_MINT_get_signing_key (key_data);
|
||||||
|
EXITIF (NULL == pub);
|
||||||
|
EXITIF (GNUNET_OK !=
|
||||||
|
GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MINT_KEY_SET,
|
||||||
|
&ks.purpose,
|
||||||
|
&sig.eddsa_signature,
|
||||||
|
&pub->eddsa_pub));
|
||||||
return GNUNET_OK;
|
return GNUNET_OK;
|
||||||
|
EXITIF_exit:
|
||||||
|
|
||||||
|
if (NULL != hash_context)
|
||||||
|
GNUNET_CRYPTO_hash_context_abort (hash_context);
|
||||||
|
return GNUNET_SYSERR;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -715,4 +742,25 @@ TALER_MINT_disconnect (struct TALER_MINT_Handle *mint)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Obtain the current signing key from the mint.
|
||||||
|
*
|
||||||
|
* @param keys the mint's key set
|
||||||
|
* @return sk current online signing key for the mint, NULL on error
|
||||||
|
*/
|
||||||
|
const struct TALER_MintPublicKeyP *
|
||||||
|
TALER_MINT_get_signing_key (struct TALER_MINT_Keys *keys)
|
||||||
|
{
|
||||||
|
struct GNUNET_TIME_Absolute now;
|
||||||
|
unsigned int i;
|
||||||
|
|
||||||
|
now = GNUNET_TIME_absolute_get ();
|
||||||
|
for (i=0;i<keys->num_sign_keys;i++)
|
||||||
|
if ( (keys->sign_keys[i].valid_from.abs_value_us <= now.abs_value_us) &&
|
||||||
|
(keys->sign_keys[i].valid_until.abs_value_us > now.abs_value_us) )
|
||||||
|
return &keys->sign_keys[i].key;
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* end of mint_api_handle.c */
|
/* end of mint_api_handle.c */
|
||||||
|
|||||||
@ -525,8 +525,8 @@ TMH_KS_acquire (void)
|
|||||||
"signkeys", key_state->sign_keys_array,
|
"signkeys", key_state->sign_keys_array,
|
||||||
"denoms", key_state->denom_keys_array,
|
"denoms", key_state->denom_keys_array,
|
||||||
"list_issue_date", TALER_json_from_abs (key_state->reload_time),
|
"list_issue_date", TALER_json_from_abs (key_state->reload_time),
|
||||||
"eddsa_sig", TALER_json_from_eddsa_sig (&ks.purpose,
|
"eddsa_sig", TALER_json_from_data (&sig,
|
||||||
&sig.eddsa_signature));
|
sizeof (struct TALER_MintSignatureP)));
|
||||||
key_state->keys_json = json_dumps (keys,
|
key_state->keys_json = json_dumps (keys,
|
||||||
JSON_INDENT (2));
|
JSON_INDENT (2));
|
||||||
json_decref (keys);
|
json_decref (keys);
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user