fix #5434 (no more salt in exchange wire replies)
This commit is contained in:
parent
81ce7abe19
commit
a56e2e34bc
@ -2095,7 +2095,7 @@ wire_transfer_information_cb (void *cls,
|
|||||||
struct GNUNET_HashCode hw;
|
struct GNUNET_HashCode hw;
|
||||||
|
|
||||||
if (GNUNET_OK !=
|
if (GNUNET_OK !=
|
||||||
TALER_JSON_wire_signature_hash (account_details,
|
TALER_JSON_merchant_wire_signature_hash (account_details,
|
||||||
&hw))
|
&hw))
|
||||||
{
|
{
|
||||||
wcc->qs = GNUNET_DB_STATUS_HARD_ERROR;
|
wcc->qs = GNUNET_DB_STATUS_HARD_ERROR;
|
||||||
@ -2411,7 +2411,7 @@ check_wire_out_cb (void *cls,
|
|||||||
TALER_amount_get_zero (amount->currency,
|
TALER_amount_get_zero (amount->currency,
|
||||||
&wcc.total_deposits));
|
&wcc.total_deposits));
|
||||||
if (GNUNET_OK !=
|
if (GNUNET_OK !=
|
||||||
TALER_JSON_wire_signature_hash (wire,
|
TALER_JSON_merchant_wire_signature_hash (wire,
|
||||||
&wcc.h_wire))
|
&wcc.h_wire))
|
||||||
{
|
{
|
||||||
GNUNET_break (0);
|
GNUNET_break (0);
|
||||||
@ -3430,7 +3430,7 @@ deposit_cb (void *cls,
|
|||||||
dr.purpose.size = htonl (sizeof (dr));
|
dr.purpose.size = htonl (sizeof (dr));
|
||||||
dr.h_contract_terms = *h_contract_terms;
|
dr.h_contract_terms = *h_contract_terms;
|
||||||
if (GNUNET_OK !=
|
if (GNUNET_OK !=
|
||||||
TALER_JSON_wire_signature_hash (receiver_wire_account,
|
TALER_JSON_merchant_wire_signature_hash (receiver_wire_account,
|
||||||
&dr.h_wire))
|
&dr.h_wire))
|
||||||
{
|
{
|
||||||
GNUNET_break (0);
|
GNUNET_break (0);
|
||||||
|
@ -416,7 +416,7 @@ TALER_EXCHANGE_deposit (struct TALER_EXCHANGE_Handle *exchange,
|
|||||||
MAH_handle_is_ready (exchange));
|
MAH_handle_is_ready (exchange));
|
||||||
/* initialize h_wire */
|
/* initialize h_wire */
|
||||||
if (GNUNET_OK !=
|
if (GNUNET_OK !=
|
||||||
TALER_JSON_wire_signature_hash (wire_details,
|
TALER_JSON_merchant_wire_signature_hash (wire_details,
|
||||||
&h_wire))
|
&h_wire))
|
||||||
{
|
{
|
||||||
GNUNET_break (0);
|
GNUNET_break (0);
|
||||||
|
@ -272,7 +272,6 @@ handle_wire_finished (void *cls,
|
|||||||
json_t *account;
|
json_t *account;
|
||||||
struct GNUNET_JSON_Specification spec_account[] = {
|
struct GNUNET_JSON_Specification spec_account[] = {
|
||||||
GNUNET_JSON_spec_string ("url", &wa->url),
|
GNUNET_JSON_spec_string ("url", &wa->url),
|
||||||
GNUNET_JSON_spec_string ("salt", &wa->salt),
|
|
||||||
GNUNET_JSON_spec_fixed_auto ("master_sig", &wa->master_sig),
|
GNUNET_JSON_spec_fixed_auto ("master_sig", &wa->master_sig),
|
||||||
GNUNET_JSON_spec_end()
|
GNUNET_JSON_spec_end()
|
||||||
};
|
};
|
||||||
@ -281,7 +280,7 @@ handle_wire_finished (void *cls,
|
|||||||
account = json_array_get (accounts,
|
account = json_array_get (accounts,
|
||||||
i);
|
i);
|
||||||
if (GNUNET_OK !=
|
if (GNUNET_OK !=
|
||||||
TALER_JSON_wire_signature_check (account,
|
TALER_JSON_exchange_wire_signature_check (account,
|
||||||
&key_state->master_pub))
|
&key_state->master_pub))
|
||||||
{
|
{
|
||||||
/* bogus reply */
|
/* bogus reply */
|
||||||
|
@ -1,5 +1,4 @@
|
|||||||
{
|
{
|
||||||
"url": "payto://x-taler-bank/localhost:8082/2",
|
"url": "payto://x-taler-bank/localhost:8082/2",
|
||||||
"salt": "TMXB995ZZVKA02AG4074X3C6XX0BFTHY8XK76EF4BSG5XVDF069FEBN4TCKW9GS7NKZH409GKAVHMQPA3T361MC6VM7J268V3GBH42R",
|
"master_sig": "HC47BZN3C0KJ2VPMJ5EJWD2FXJ72AET0NWFE6JGSGK5CXS4GSKJJ6Z7BTS56JWM7B40SD61Z5GYYMRRE3X9JTJBVMWE0X7XHNXQ9P38"
|
||||||
"master_sig": "CK7BGHKYVAT7DMVCN00DQ0761NCTJVESZT69049BCF3SKNJKVHXXEQ5X6FH2HFGHCJ18YA1MGHBD8RRG4W3G4KJWQJDY2CGPGTHDJ2G"
|
|
||||||
}
|
}
|
@ -1,5 +1,4 @@
|
|||||||
{
|
{
|
||||||
"url": "payto://x-taler-bank/http://localhost:8082/2",
|
"url": "payto://x-taler-bank/http://localhost:8082/2",
|
||||||
"salt": "WGRD0W7YKD8ZAN960B0JBRARRY0K5FQ4920Q3DJBTYH4GY7W0XNAX1F04R5B1E0RWH1NFG08TM8K1517WNCXTJM9KMH4913Q5XPK0N8",
|
"master_sig": "KQ0BWSCNVR7HGGSAMCYK8ZM30RBS1MHMXT3QBN01PZWC9TV72FEE5RJ7T84C8134EPV6WEBXXY2MTFNE8ZXST6JEJQKR8HX6FQPVY10"
|
||||||
"master_sig": "J4N0KP64MGNEQX9HST9TDWK67152MSHHM9CTZH8GSMKD607BXSAF209AQYDKYT6QJP0NQXYXC1JMM9Z405DJHGV75JFMWP4G6WB6A00"
|
|
||||||
}
|
}
|
@ -330,7 +330,7 @@ deposit_run (void *cls,
|
|||||||
dr.h_contract_terms = h_contract_terms;
|
dr.h_contract_terms = h_contract_terms;
|
||||||
GNUNET_assert
|
GNUNET_assert
|
||||||
(GNUNET_OK ==
|
(GNUNET_OK ==
|
||||||
TALER_JSON_wire_signature_hash (ds->wire_details,
|
TALER_JSON_merchant_wire_signature_hash (ds->wire_details,
|
||||||
&dr.h_wire));
|
&dr.h_wire));
|
||||||
dr.timestamp = GNUNET_TIME_absolute_hton (timestamp);
|
dr.timestamp = GNUNET_TIME_absolute_hton (timestamp);
|
||||||
dr.refund_deadline = GNUNET_TIME_absolute_hton
|
dr.refund_deadline = GNUNET_TIME_absolute_hton
|
||||||
|
@ -328,7 +328,7 @@ track_transaction_run (void *cls,
|
|||||||
/* Should not fail here, json has been parsed already */
|
/* Should not fail here, json has been parsed already */
|
||||||
GNUNET_assert
|
GNUNET_assert
|
||||||
( (GNUNET_OK ==
|
( (GNUNET_OK ==
|
||||||
TALER_JSON_wire_signature_hash (wire_details,
|
TALER_JSON_merchant_wire_signature_hash (wire_details,
|
||||||
&h_wire_details)) &&
|
&h_wire_details)) &&
|
||||||
(GNUNET_OK ==
|
(GNUNET_OK ==
|
||||||
TALER_JSON_hash (j_contract_terms,
|
TALER_JSON_hash (j_contract_terms,
|
||||||
@ -614,8 +614,10 @@ track_transfer_cb
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (GNUNET_OK != TALER_TESTING_get_trait_wire_details
|
if (GNUNET_OK !=
|
||||||
(wire_details_cmd, 0, &wire_details))
|
TALER_TESTING_get_trait_wire_details (wire_details_cmd,
|
||||||
|
0,
|
||||||
|
&wire_details))
|
||||||
{
|
{
|
||||||
GNUNET_break (0);
|
GNUNET_break (0);
|
||||||
TALER_TESTING_interpreter_fail (is);
|
TALER_TESTING_interpreter_fail (is);
|
||||||
@ -623,8 +625,8 @@ track_transfer_cb
|
|||||||
}
|
}
|
||||||
|
|
||||||
GNUNET_assert
|
GNUNET_assert
|
||||||
(GNUNET_OK == TALER_JSON_wire_signature_hash
|
(GNUNET_OK ==
|
||||||
(wire_details,
|
TALER_JSON_merchant_wire_signature_hash (wire_details,
|
||||||
&h_wire_details));
|
&h_wire_details));
|
||||||
|
|
||||||
if (0 != memcmp (&h_wire_details,
|
if (0 != memcmp (&h_wire_details,
|
||||||
|
@ -59,6 +59,7 @@ sign_account_data (void *cls,
|
|||||||
json_t *wire;
|
json_t *wire;
|
||||||
char *json_out;
|
char *json_out;
|
||||||
FILE *out;
|
FILE *out;
|
||||||
|
int ret;
|
||||||
|
|
||||||
if (GNUNET_NO == ai->credit_enabled)
|
if (GNUNET_NO == ai->credit_enabled)
|
||||||
return;
|
return;
|
||||||
@ -70,8 +71,9 @@ sign_account_data (void *cls,
|
|||||||
global_ret = 1;
|
global_ret = 1;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
wire = TALER_JSON_wire_signature_make (ai->payto_url,
|
wire = TALER_JSON_exchange_wire_signature_make (ai->payto_url,
|
||||||
&master_priv);
|
&master_priv);
|
||||||
|
GNUNET_assert (NULL != wire);
|
||||||
json_out = json_dumps (wire,
|
json_out = json_dumps (wire,
|
||||||
JSON_INDENT(2));
|
JSON_INDENT(2));
|
||||||
json_decref (wire);
|
json_decref (wire);
|
||||||
@ -98,10 +100,20 @@ sign_account_data (void *cls,
|
|||||||
free (json_out);
|
free (json_out);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
fprintf (out,
|
ret = fprintf (out,
|
||||||
"%s",
|
"%s",
|
||||||
json_out);
|
json_out);
|
||||||
fclose (out);
|
fclose (out);
|
||||||
|
if ( (0 == fclose (out)) &&
|
||||||
|
(-1 != ret) )
|
||||||
|
fprintf (stdout,
|
||||||
|
"Created wire account file `%s'\n",
|
||||||
|
ai->wire_response_filename);
|
||||||
|
else
|
||||||
|
fprintf (stderr,
|
||||||
|
"Failure creating wire account file `%s': %s\n",
|
||||||
|
ai->wire_response_filename,
|
||||||
|
STRERROR (errno));
|
||||||
free (json_out);
|
free (json_out);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -705,7 +705,7 @@ deposit_cb (void *cls,
|
|||||||
GNUNET_break (0);
|
GNUNET_break (0);
|
||||||
return GNUNET_DB_STATUS_HARD_ERROR;
|
return GNUNET_DB_STATUS_HARD_ERROR;
|
||||||
}
|
}
|
||||||
TALER_JSON_wire_signature_hash (wire,
|
TALER_JSON_merchant_wire_signature_hash (wire,
|
||||||
&au->h_wire);
|
&au->h_wire);
|
||||||
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
|
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
|
||||||
&au->wtid,
|
&au->wtid,
|
||||||
|
@ -457,7 +457,7 @@ TEH_DEPOSIT_handler_deposit (struct TEH_RequestHandler *rh,
|
|||||||
"timestamp");
|
"timestamp");
|
||||||
}
|
}
|
||||||
if (GNUNET_OK !=
|
if (GNUNET_OK !=
|
||||||
TALER_JSON_wire_signature_hash (wire,
|
TALER_JSON_merchant_wire_signature_hash (wire,
|
||||||
&my_h_wire))
|
&my_h_wire))
|
||||||
{
|
{
|
||||||
TALER_LOG_WARNING ("Failed to parse JSON wire format specification for /deposit request\n");
|
TALER_LOG_WARNING ("Failed to parse JSON wire format specification for /deposit request\n");
|
||||||
|
@ -1633,6 +1633,9 @@ TEH_KS_release_ (const char *location,
|
|||||||
struct TEH_KS_StateHandle *key_state)
|
struct TEH_KS_StateHandle *key_state)
|
||||||
{
|
{
|
||||||
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
|
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
|
||||||
|
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
|
||||||
|
"KS released at %s\n",
|
||||||
|
location);
|
||||||
ks_release (key_state);
|
ks_release (key_state);
|
||||||
GNUNET_assert (0 == pthread_mutex_unlock (&internal_key_state_mutex));
|
GNUNET_assert (0 == pthread_mutex_unlock (&internal_key_state_mutex));
|
||||||
}
|
}
|
||||||
@ -1653,6 +1656,9 @@ TEH_KS_acquire_ (const char *location)
|
|||||||
struct TEH_KS_StateHandle *key_state;
|
struct TEH_KS_StateHandle *key_state;
|
||||||
|
|
||||||
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
|
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
|
||||||
|
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
|
||||||
|
"KS acquired at %s\n",
|
||||||
|
location);
|
||||||
if ( (NULL != internal_key_state) &&
|
if ( (NULL != internal_key_state) &&
|
||||||
(internal_key_state->next_reload.abs_value_us <= now.abs_value_us) )
|
(internal_key_state->next_reload.abs_value_us <= now.abs_value_us) )
|
||||||
{
|
{
|
||||||
|
@ -158,7 +158,7 @@ load_account (void *cls,
|
|||||||
}
|
}
|
||||||
GNUNET_free (url);
|
GNUNET_free (url);
|
||||||
if (GNUNET_OK !=
|
if (GNUNET_OK !=
|
||||||
TALER_JSON_wire_signature_check (wire_s,
|
TALER_JSON_exchange_wire_signature_check (wire_s,
|
||||||
&TEH_master_public_key))
|
&TEH_master_public_key))
|
||||||
{
|
{
|
||||||
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
|
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
|
||||||
|
@ -447,7 +447,7 @@ do_deposit (struct Command *cmd)
|
|||||||
GNUNET_free (str);
|
GNUNET_free (str);
|
||||||
}
|
}
|
||||||
GNUNET_assert (GNUNET_OK ==
|
GNUNET_assert (GNUNET_OK ==
|
||||||
TALER_JSON_wire_signature_hash (deposit.receiver_wire_account,
|
TALER_JSON_merchant_wire_signature_hash (deposit.receiver_wire_account,
|
||||||
&deposit.h_wire));
|
&deposit.h_wire));
|
||||||
deposit.timestamp = GNUNET_TIME_absolute_get ();
|
deposit.timestamp = GNUNET_TIME_absolute_get ();
|
||||||
GNUNET_TIME_round_abs (&deposit.timestamp);
|
GNUNET_TIME_round_abs (&deposit.timestamp);
|
||||||
|
@ -904,7 +904,7 @@ deposit_cb (void *cls,
|
|||||||
deposit_rowid = rowid;
|
deposit_rowid = rowid;
|
||||||
if (NULL != wire)
|
if (NULL != wire)
|
||||||
GNUNET_assert (GNUNET_OK ==
|
GNUNET_assert (GNUNET_OK ==
|
||||||
TALER_JSON_wire_signature_hash (wire,
|
TALER_JSON_merchant_wire_signature_hash (wire,
|
||||||
&h_wire));
|
&h_wire));
|
||||||
if ( (0 != memcmp (merchant_pub,
|
if ( (0 != memcmp (merchant_pub,
|
||||||
&deposit->merchant_pub,
|
&deposit->merchant_pub,
|
||||||
@ -1438,7 +1438,7 @@ wire_missing_cb (void *cls,
|
|||||||
|
|
||||||
if (NULL != wire)
|
if (NULL != wire)
|
||||||
GNUNET_assert (GNUNET_OK ==
|
GNUNET_assert (GNUNET_OK ==
|
||||||
TALER_JSON_wire_signature_hash (wire,
|
TALER_JSON_merchant_wire_signature_hash (wire,
|
||||||
&h_wire));
|
&h_wire));
|
||||||
else
|
else
|
||||||
memset (&h_wire,
|
memset (&h_wire,
|
||||||
@ -1922,7 +1922,7 @@ run (void *cls)
|
|||||||
RND_BLK (&deposit.merchant_pub);
|
RND_BLK (&deposit.merchant_pub);
|
||||||
RND_BLK (&deposit.h_contract_terms);
|
RND_BLK (&deposit.h_contract_terms);
|
||||||
GNUNET_assert (GNUNET_OK ==
|
GNUNET_assert (GNUNET_OK ==
|
||||||
TALER_JSON_wire_signature_hash (wire,
|
TALER_JSON_merchant_wire_signature_hash (wire,
|
||||||
&deposit.h_wire));
|
&deposit.h_wire));
|
||||||
deposit.receiver_wire_account = wire;
|
deposit.receiver_wire_account = wire;
|
||||||
deposit.amount_with_fee = value;
|
deposit.amount_with_fee = value;
|
||||||
|
@ -738,26 +738,23 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
|
|||||||
* hash is what is put into the contract.
|
* hash is what is put into the contract.
|
||||||
*
|
*
|
||||||
* @param payto_url bank account
|
* @param payto_url bank account
|
||||||
* @param salt salt used to eliminate brute-force inversion
|
|
||||||
* @param hc[out] set to the hash
|
* @param hc[out] set to the hash
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
TALER_wire_signature_hash (const char *payto_url,
|
TALER_exchange_wire_signature_hash (const char *payto_url,
|
||||||
const char *salt,
|
|
||||||
struct GNUNET_HashCode *hc);
|
struct GNUNET_HashCode *hc);
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check the signature in @a wire_s.
|
* Check the signature in @a wire_s.
|
||||||
*
|
*
|
||||||
* @param payto_url URL that is signed
|
* @param payto_url URL that is signed
|
||||||
* @param salt the salt used to salt the @a payto_url when hashing
|
|
||||||
* @param master_pub master public key of the exchange
|
* @param master_pub master public key of the exchange
|
||||||
* @param master_sig signature of the exchange
|
* @param master_sig signature of the exchange
|
||||||
* @return #GNUNET_OK if signature is valid
|
* @return #GNUNET_OK if signature is valid
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
TALER_wire_signature_check (const char *payto_url,
|
TALER_exchange_wire_signature_check (const char *payto_url,
|
||||||
const char *salt,
|
|
||||||
const struct TALER_MasterPublicKeyP *master_pub,
|
const struct TALER_MasterPublicKeyP *master_pub,
|
||||||
const struct TALER_MasterSignatureP *master_sig);
|
const struct TALER_MasterSignatureP *master_sig);
|
||||||
|
|
||||||
@ -766,15 +763,58 @@ TALER_wire_signature_check (const char *payto_url,
|
|||||||
* Create a signed wire statement for the given account.
|
* Create a signed wire statement for the given account.
|
||||||
*
|
*
|
||||||
* @param payto_url account specification
|
* @param payto_url account specification
|
||||||
* @param salt the salt used to salt the @a payto_url when hashing
|
|
||||||
* @param master_priv private key to sign with
|
* @param master_priv private key to sign with
|
||||||
* @param master_sig[out] where to write the signature
|
* @param master_sig[out] where to write the signature
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
TALER_wire_signature_make (const char *payto_url,
|
TALER_exchange_wire_signature_make (const char *payto_url,
|
||||||
const char *salt,
|
|
||||||
const struct TALER_MasterPrivateKeyP *master_priv,
|
const struct TALER_MasterPrivateKeyP *master_priv,
|
||||||
struct TALER_MasterSignatureP *master_sig);
|
struct TALER_MasterSignatureP *master_sig);
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compute the hash of the given wire details. The resulting
|
||||||
|
* hash is what is put into the contract.
|
||||||
|
*
|
||||||
|
* @param payto_url bank account
|
||||||
|
* @param salt salt used to eliminate brute-force inversion
|
||||||
|
* @param hc[out] set to the hash
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
TALER_merchant_wire_signature_hash (const char *payto_url,
|
||||||
|
const char *salt,
|
||||||
|
struct GNUNET_HashCode *hc);
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check the signature in @a wire_s.
|
||||||
|
*
|
||||||
|
* @param payto_url URL that is signed
|
||||||
|
* @param salt the salt used to salt the @a payto_url when hashing
|
||||||
|
* @param merch_pub public key of the merchant
|
||||||
|
* @param merch_sig signature of the merchant
|
||||||
|
* @return #GNUNET_OK if signature is valid
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
TALER_merchant_wire_signature_check (const char *payto_url,
|
||||||
|
const char *salt,
|
||||||
|
const struct TALER_MerchantPublicKeyP *merch_pub,
|
||||||
|
const struct TALER_MerchantSignatureP *merch_sig);
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a signed wire statement for the given account.
|
||||||
|
*
|
||||||
|
* @param payto_url account specification
|
||||||
|
* @param salt the salt used to salt the @a payto_url when hashing
|
||||||
|
* @param merch_priv private key to sign with
|
||||||
|
* @param merch_sig[out] where to write the signature
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
TALER_merchant_wire_signature_make (const char *payto_url,
|
||||||
|
const char *salt,
|
||||||
|
const struct TALER_MerchantPrivateKeyP *merch_priv,
|
||||||
|
struct TALER_MerchantSignatureP *merch_sig);
|
||||||
|
|
||||||
|
|
||||||
#endif
|
#endif
|
||||||
|
@ -479,11 +479,6 @@ struct TALER_EXCHANGE_WireAccount
|
|||||||
*/
|
*/
|
||||||
const char *url;
|
const char *url;
|
||||||
|
|
||||||
/**
|
|
||||||
* Salt used to generate @e master_sig.
|
|
||||||
*/
|
|
||||||
const char *salt;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Signature of the exchange over the account (was checked by the API).
|
* Signature of the exchange over the account (was checked by the API).
|
||||||
*/
|
*/
|
||||||
|
@ -137,9 +137,23 @@ TALER_JSON_get_error_code (const json_t *json);
|
|||||||
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
|
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
TALER_JSON_wire_signature_hash (const json_t *wire_s,
|
TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s,
|
||||||
struct GNUNET_HashCode *hc);
|
struct GNUNET_HashCode *hc);
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compute the hash of the given wire details. The resulting
|
||||||
|
* hash is what is signed by the master public key.
|
||||||
|
*
|
||||||
|
* @param wire_s wire details to hash
|
||||||
|
* @param hc[out] set to the hash
|
||||||
|
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
TALER_JSON_exchange_wire_signature_hash (const json_t *wire_s,
|
||||||
|
struct GNUNET_HashCode *hc);
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Check the signature in @a wire_s.
|
* Check the signature in @a wire_s.
|
||||||
*
|
*
|
||||||
@ -148,7 +162,7 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
|
|||||||
* @return #GNUNET_OK if signature is valid
|
* @return #GNUNET_OK if signature is valid
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
TALER_JSON_wire_signature_check (const json_t *wire_s,
|
TALER_JSON_exchange_wire_signature_check (const json_t *wire_s,
|
||||||
const struct TALER_MasterPublicKeyP *master_pub);
|
const struct TALER_MasterPublicKeyP *master_pub);
|
||||||
|
|
||||||
|
|
||||||
@ -159,7 +173,7 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
|
|||||||
* @param master_priv private key to sign with, NULL to not sign
|
* @param master_priv private key to sign with, NULL to not sign
|
||||||
*/
|
*/
|
||||||
json_t *
|
json_t *
|
||||||
TALER_JSON_wire_signature_make (const char *payto_url,
|
TALER_JSON_exchange_wire_signature_make (const char *payto_url,
|
||||||
const struct TALER_MasterPrivateKeyP *master_priv);
|
const struct TALER_MasterPrivateKeyP *master_priv);
|
||||||
|
|
||||||
|
|
||||||
|
@ -178,6 +178,12 @@
|
|||||||
*/
|
*/
|
||||||
#define TALER_SIGNATURE_MERCHANT_PAY_SESSION 1106
|
#define TALER_SIGNATURE_MERCHANT_PAY_SESSION 1106
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Signature where the merchant confirms its own (salted)
|
||||||
|
* wire details (not yet really used).
|
||||||
|
*/
|
||||||
|
#define TALER_SIGNATURE_MERCHANT_WIRE_DETAILS 1107
|
||||||
|
|
||||||
|
|
||||||
/*********************/
|
/*********************/
|
||||||
/* Wallet signatures */
|
/* Wallet signatures */
|
||||||
|
@ -46,6 +46,7 @@ struct TALER_WIRE_Plugin *
|
|||||||
TALER_WIRE_plugin_load (const struct GNUNET_CONFIGURATION_Handle *cfg,
|
TALER_WIRE_plugin_load (const struct GNUNET_CONFIGURATION_Handle *cfg,
|
||||||
const char *plugin_name);
|
const char *plugin_name);
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unload a WIRE plugin.
|
* Unload a WIRE plugin.
|
||||||
*
|
*
|
||||||
|
@ -34,7 +34,39 @@
|
|||||||
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
|
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
TALER_JSON_wire_signature_hash (const json_t *wire_s,
|
TALER_JSON_exchange_wire_signature_hash (const json_t *wire_s,
|
||||||
|
struct GNUNET_HashCode *hc)
|
||||||
|
{
|
||||||
|
const char *payto_url;
|
||||||
|
struct GNUNET_JSON_Specification spec[] = {
|
||||||
|
GNUNET_JSON_spec_string ("url", &payto_url),
|
||||||
|
GNUNET_JSON_spec_end ()
|
||||||
|
};
|
||||||
|
|
||||||
|
if (GNUNET_OK !=
|
||||||
|
GNUNET_JSON_parse (wire_s,
|
||||||
|
spec,
|
||||||
|
NULL, NULL))
|
||||||
|
{
|
||||||
|
GNUNET_break_op (0);
|
||||||
|
return GNUNET_SYSERR;
|
||||||
|
}
|
||||||
|
TALER_exchange_wire_signature_hash (payto_url,
|
||||||
|
hc);
|
||||||
|
return GNUNET_OK;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compute the hash of the given wire details. The resulting
|
||||||
|
* hash is what is put into the contract.
|
||||||
|
*
|
||||||
|
* @param wire_s wire details to hash
|
||||||
|
* @param hc[out] set to the hash
|
||||||
|
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s,
|
||||||
struct GNUNET_HashCode *hc)
|
struct GNUNET_HashCode *hc)
|
||||||
{
|
{
|
||||||
const char *payto_url;
|
const char *payto_url;
|
||||||
@ -53,7 +85,7 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
|
|||||||
GNUNET_break_op (0);
|
GNUNET_break_op (0);
|
||||||
return GNUNET_SYSERR;
|
return GNUNET_SYSERR;
|
||||||
}
|
}
|
||||||
TALER_wire_signature_hash (payto_url,
|
TALER_merchant_wire_signature_hash (payto_url,
|
||||||
salt,
|
salt,
|
||||||
hc);
|
hc);
|
||||||
return GNUNET_OK;
|
return GNUNET_OK;
|
||||||
@ -68,15 +100,13 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
|
|||||||
* @return #GNUNET_OK if signature is valid
|
* @return #GNUNET_OK if signature is valid
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
TALER_JSON_wire_signature_check (const json_t *wire_s,
|
TALER_JSON_exchange_wire_signature_check (const json_t *wire_s,
|
||||||
const struct TALER_MasterPublicKeyP *master_pub)
|
const struct TALER_MasterPublicKeyP *master_pub)
|
||||||
{
|
{
|
||||||
const char *payto_url;
|
const char *payto_url;
|
||||||
const char *salt;
|
|
||||||
struct TALER_MasterSignatureP master_sig;
|
struct TALER_MasterSignatureP master_sig;
|
||||||
struct GNUNET_JSON_Specification spec[] = {
|
struct GNUNET_JSON_Specification spec[] = {
|
||||||
GNUNET_JSON_spec_string ("url", &payto_url),
|
GNUNET_JSON_spec_string ("url", &payto_url),
|
||||||
GNUNET_JSON_spec_string ("salt", &salt),
|
|
||||||
GNUNET_JSON_spec_fixed_auto ("master_sig", &master_sig),
|
GNUNET_JSON_spec_fixed_auto ("master_sig", &master_sig),
|
||||||
GNUNET_JSON_spec_end ()
|
GNUNET_JSON_spec_end ()
|
||||||
};
|
};
|
||||||
@ -89,8 +119,7 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
|
|||||||
GNUNET_break_op (0);
|
GNUNET_break_op (0);
|
||||||
return GNUNET_SYSERR;
|
return GNUNET_SYSERR;
|
||||||
}
|
}
|
||||||
return TALER_wire_signature_check (payto_url,
|
return TALER_exchange_wire_signature_check (payto_url,
|
||||||
salt,
|
|
||||||
master_pub,
|
master_pub,
|
||||||
&master_sig);
|
&master_sig);
|
||||||
}
|
}
|
||||||
@ -103,39 +132,18 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
|
|||||||
* @param master_priv private key to sign with, NULL to not sign
|
* @param master_priv private key to sign with, NULL to not sign
|
||||||
*/
|
*/
|
||||||
json_t *
|
json_t *
|
||||||
TALER_JSON_wire_signature_make (const char *payto_url,
|
TALER_JSON_exchange_wire_signature_make (const char *payto_url,
|
||||||
const struct TALER_MasterPrivateKeyP *master_priv)
|
const struct TALER_MasterPrivateKeyP *master_priv)
|
||||||
{
|
{
|
||||||
struct TALER_MasterSignatureP master_sig;
|
struct TALER_MasterSignatureP master_sig;
|
||||||
struct GNUNET_HashCode salt;
|
|
||||||
char *salt_str;
|
|
||||||
json_t *ret;
|
|
||||||
|
|
||||||
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
|
TALER_exchange_wire_signature_make (payto_url,
|
||||||
&salt,
|
|
||||||
sizeof (salt));
|
|
||||||
salt_str = GNUNET_STRINGS_data_to_string_alloc (&salt,
|
|
||||||
sizeof (salt));
|
|
||||||
if (NULL != master_priv)
|
|
||||||
{
|
|
||||||
TALER_wire_signature_make (payto_url,
|
|
||||||
salt_str,
|
|
||||||
master_priv,
|
master_priv,
|
||||||
&master_sig);
|
&master_sig);
|
||||||
ret = json_pack ("{s:s, s:s, s:o}",
|
return json_pack ("{s:s, s:o}",
|
||||||
"url", payto_url,
|
"url", payto_url,
|
||||||
"salt", salt_str,
|
|
||||||
"master_sig", GNUNET_JSON_from_data_auto (&master_sig));
|
"master_sig", GNUNET_JSON_from_data_auto (&master_sig));
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
ret = json_pack ("{s:s, s:s}",
|
|
||||||
"url", payto_url,
|
|
||||||
"salt", salt_str);
|
|
||||||
}
|
|
||||||
GNUNET_free (salt_str);
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -22,28 +22,25 @@
|
|||||||
#include "taler_crypto_lib.h"
|
#include "taler_crypto_lib.h"
|
||||||
#include "taler_signatures.h"
|
#include "taler_signatures.h"
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Compute the hash of the given wire details. The resulting
|
* Compute the hash of the given wire details. The resulting
|
||||||
* hash is what is put into the contract.
|
* hash is what is put into the contract.
|
||||||
*
|
*
|
||||||
* @param payto_url bank account
|
* @param payto_url bank account
|
||||||
* @param salt salt used to eliminate brute-force inversion
|
|
||||||
* @param hc[out] set to the hash
|
* @param hc[out] set to the hash
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
TALER_wire_signature_hash (const char *payto_url,
|
TALER_exchange_wire_signature_hash (const char *payto_url,
|
||||||
const char *salt,
|
|
||||||
struct GNUNET_HashCode *hc)
|
struct GNUNET_HashCode *hc)
|
||||||
{
|
{
|
||||||
GNUNET_assert (GNUNET_YES ==
|
GNUNET_assert (GNUNET_YES ==
|
||||||
GNUNET_CRYPTO_kdf (hc,
|
GNUNET_CRYPTO_kdf (hc,
|
||||||
sizeof (*hc),
|
sizeof (*hc),
|
||||||
salt,
|
|
||||||
strlen (salt) + 1,
|
|
||||||
payto_url,
|
payto_url,
|
||||||
strlen (payto_url) + 1,
|
strlen (payto_url) + 1,
|
||||||
"wire-signature",
|
"exchange-wire-signature",
|
||||||
strlen ("wire-signature"),
|
strlen ("exchange-wire-signature"),
|
||||||
NULL, 0));
|
NULL, 0));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -52,14 +49,12 @@ TALER_wire_signature_hash (const char *payto_url,
|
|||||||
* Check the signature in @a wire_s.
|
* Check the signature in @a wire_s.
|
||||||
*
|
*
|
||||||
* @param payto_url URL that is signed
|
* @param payto_url URL that is signed
|
||||||
* @param salt the salt used to salt the @a payto_url when hashing
|
|
||||||
* @param master_pub master public key of the exchange
|
* @param master_pub master public key of the exchange
|
||||||
* @param master_sig signature of the exchange
|
* @param master_sig signature of the exchange
|
||||||
* @return #GNUNET_OK if signature is valid
|
* @return #GNUNET_OK if signature is valid
|
||||||
*/
|
*/
|
||||||
int
|
int
|
||||||
TALER_wire_signature_check (const char *payto_url,
|
TALER_exchange_wire_signature_check (const char *payto_url,
|
||||||
const char *salt,
|
|
||||||
const struct TALER_MasterPublicKeyP *master_pub,
|
const struct TALER_MasterPublicKeyP *master_pub,
|
||||||
const struct TALER_MasterSignatureP *master_sig)
|
const struct TALER_MasterSignatureP *master_sig)
|
||||||
{
|
{
|
||||||
@ -67,8 +62,7 @@ TALER_wire_signature_check (const char *payto_url,
|
|||||||
|
|
||||||
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
|
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
|
||||||
wd.purpose.size = htonl (sizeof (wd));
|
wd.purpose.size = htonl (sizeof (wd));
|
||||||
TALER_wire_signature_hash (payto_url,
|
TALER_exchange_wire_signature_hash (payto_url,
|
||||||
salt,
|
|
||||||
&wd.h_wire_details);
|
&wd.h_wire_details);
|
||||||
return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_DETAILS,
|
return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_DETAILS,
|
||||||
&wd.purpose,
|
&wd.purpose,
|
||||||
@ -81,13 +75,11 @@ TALER_wire_signature_check (const char *payto_url,
|
|||||||
* Create a signed wire statement for the given account.
|
* Create a signed wire statement for the given account.
|
||||||
*
|
*
|
||||||
* @param payto_url account specification
|
* @param payto_url account specification
|
||||||
* @param salt the salt used to salt the @a payto_url when hashing
|
|
||||||
* @param master_priv private key to sign with
|
* @param master_priv private key to sign with
|
||||||
* @param master_sig[out] where to write the signature
|
* @param master_sig[out] where to write the signature
|
||||||
*/
|
*/
|
||||||
void
|
void
|
||||||
TALER_wire_signature_make (const char *payto_url,
|
TALER_exchange_wire_signature_make (const char *payto_url,
|
||||||
const char *salt,
|
|
||||||
const struct TALER_MasterPrivateKeyP *master_priv,
|
const struct TALER_MasterPrivateKeyP *master_priv,
|
||||||
struct TALER_MasterSignatureP *master_sig)
|
struct TALER_MasterSignatureP *master_sig)
|
||||||
{
|
{
|
||||||
@ -95,8 +87,7 @@ TALER_wire_signature_make (const char *payto_url,
|
|||||||
|
|
||||||
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
|
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
|
||||||
wd.purpose.size = htonl (sizeof (wd));
|
wd.purpose.size = htonl (sizeof (wd));
|
||||||
TALER_wire_signature_hash (payto_url,
|
TALER_exchange_wire_signature_hash (payto_url,
|
||||||
salt,
|
|
||||||
&wd.h_wire_details);
|
&wd.h_wire_details);
|
||||||
GNUNET_assert (GNUNET_OK ==
|
GNUNET_assert (GNUNET_OK ==
|
||||||
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
|
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
|
||||||
@ -105,4 +96,87 @@ TALER_wire_signature_make (const char *payto_url,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Compute the hash of the given wire details. The resulting
|
||||||
|
* hash is what is put into the contract.
|
||||||
|
*
|
||||||
|
* @param payto_url bank account
|
||||||
|
* @param salt salt used to eliminate brute-force inversion
|
||||||
|
* @param hc[out] set to the hash
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
TALER_merchant_wire_signature_hash (const char *payto_url,
|
||||||
|
const char *salt,
|
||||||
|
struct GNUNET_HashCode *hc)
|
||||||
|
{
|
||||||
|
GNUNET_assert (GNUNET_YES ==
|
||||||
|
GNUNET_CRYPTO_kdf (hc,
|
||||||
|
sizeof (*hc),
|
||||||
|
salt,
|
||||||
|
strlen (salt) + 1,
|
||||||
|
payto_url,
|
||||||
|
strlen (payto_url) + 1,
|
||||||
|
"merchant-wire-signature",
|
||||||
|
strlen ("merchant-wire-signature"),
|
||||||
|
NULL, 0));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Check the signature in @a merch_sig. (Not yet used anywhere.)
|
||||||
|
*
|
||||||
|
* @param payto_url URL that is signed
|
||||||
|
* @param salt the salt used to salt the @a payto_url when hashing
|
||||||
|
* @param merch_pub master public key of the merchant
|
||||||
|
* @param merch_sig signature of the merchant
|
||||||
|
* @return #GNUNET_OK if signature is valid
|
||||||
|
*/
|
||||||
|
int
|
||||||
|
TALER_merchant_wire_signature_check (const char *payto_url,
|
||||||
|
const char *salt,
|
||||||
|
const struct TALER_MerchantPublicKeyP *merch_pub,
|
||||||
|
const struct TALER_MerchantSignatureP *merch_sig)
|
||||||
|
{
|
||||||
|
struct TALER_MasterWireDetailsPS wd;
|
||||||
|
|
||||||
|
wd.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS);
|
||||||
|
wd.purpose.size = htonl (sizeof (wd));
|
||||||
|
TALER_merchant_wire_signature_hash (payto_url,
|
||||||
|
salt,
|
||||||
|
&wd.h_wire_details);
|
||||||
|
return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS,
|
||||||
|
&wd.purpose,
|
||||||
|
&merch_sig->eddsa_sig,
|
||||||
|
&merch_pub->eddsa_pub);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Create a signed wire statement for the given account. (Not yet used anywhere.)
|
||||||
|
*
|
||||||
|
* @param payto_url account specification
|
||||||
|
* @param salt the salt used to salt the @a payto_url when hashing
|
||||||
|
* @param merchant_priv private key to sign with
|
||||||
|
* @param merchant_sig[out] where to write the signature
|
||||||
|
*/
|
||||||
|
void
|
||||||
|
TALER_merchant_wire_signature_make (const char *payto_url,
|
||||||
|
const char *salt,
|
||||||
|
const struct TALER_MerchantPrivateKeyP *merch_priv,
|
||||||
|
struct TALER_MerchantSignatureP *merch_sig)
|
||||||
|
{
|
||||||
|
struct TALER_MasterWireDetailsPS wd;
|
||||||
|
|
||||||
|
wd.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS);
|
||||||
|
wd.purpose.size = htonl (sizeof (wd));
|
||||||
|
TALER_merchant_wire_signature_hash (payto_url,
|
||||||
|
salt,
|
||||||
|
&wd.h_wire_details);
|
||||||
|
GNUNET_assert (GNUNET_OK ==
|
||||||
|
GNUNET_CRYPTO_eddsa_sign (&merch_priv->eddsa_priv,
|
||||||
|
&wd.purpose,
|
||||||
|
&merch_sig->eddsa_sig));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* end of crypto_wire.c */
|
/* end of crypto_wire.c */
|
||||||
|
Loading…
Reference in New Issue
Block a user