taler/exchange
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix #5434 (no more salt in exchange wire replies)

Browse Source
This commit is contained in:
Christian Grothoff 2018-10-06 15:05:06 +02:00
parent 81ce7abe19
commit a56e2e34bc
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
21 changed files with 290 additions and 135 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/auditor/taler-auditor.c
View File

@ -2095,8 +2095,8 @@ wire_transfer_information_cb (void *cls,
struct GNUNET_HashCode hw;
if (GNUNET_OK !=
TALER_JSON_wire_signature_hash (account_details,
&hw))
TALER_JSON_merchant_wire_signature_hash (account_details,
&hw))
{
wcc->qs = GNUNET_DB_STATUS_HARD_ERROR;
report_row_inconsistency ("aggregation",
@ -2411,8 +2411,8 @@ check_wire_out_cb (void *cls,
TALER_amount_get_zero (amount->currency,
&wcc.total_deposits));
if (GNUNET_OK !=
TALER_JSON_wire_signature_hash (wire,
&wcc.h_wire))
TALER_JSON_merchant_wire_signature_hash (wire,
&wcc.h_wire))
{
GNUNET_break (0);
return GNUNET_SYSERR;
@ -3430,8 +3430,8 @@ deposit_cb (void *cls,
dr.purpose.size = htonl (sizeof (dr));
dr.h_contract_terms = *h_contract_terms;
if (GNUNET_OK !=
TALER_JSON_wire_signature_hash (receiver_wire_account,
&dr.h_wire))
TALER_JSON_merchant_wire_signature_hash (receiver_wire_account,
&dr.h_wire))
{
GNUNET_break (0);
cc->qs = GNUNET_DB_STATUS_HARD_ERROR;

4
src/exchange-lib/exchange_api_deposit.c
View File

@ -416,8 +416,8 @@ TALER_EXCHANGE_deposit (struct TALER_EXCHANGE_Handle *exchange,
MAH_handle_is_ready (exchange));
/* initialize h_wire */
if (GNUNET_OK !=
TALER_JSON_wire_signature_hash (wire_details,
&h_wire))
TALER_JSON_merchant_wire_signature_hash (wire_details,
&h_wire))
{
GNUNET_break (0);
return NULL;

5
src/exchange-lib/exchange_api_wire.c
View File

@ -272,7 +272,6 @@ handle_wire_finished (void *cls,
json_t *account;
struct GNUNET_JSON_Specification spec_account[] = {
GNUNET_JSON_spec_string ("url", &wa->url),
GNUNET_JSON_spec_string ("salt", &wa->salt),
GNUNET_JSON_spec_fixed_auto ("master_sig", &wa->master_sig),
GNUNET_JSON_spec_end()
};
@ -281,8 +280,8 @@ handle_wire_finished (void *cls,
account = json_array_get (accounts,
i);
if (GNUNET_OK !=
TALER_JSON_wire_signature_check (account,
&key_state->master_pub))
TALER_JSON_exchange_wire_signature_check (account,
&key_state->master_pub))
{
/* bogus reply */
GNUNET_break_op (0);

3
src/exchange-lib/test_exchange_api_home/.config/taler/account-2.json
View File

@ -1,5 +1,4 @@
{
"url": "payto://x-taler-bank/localhost:8082/2",
"salt": "TMXB995ZZVKA02AG4074X3C6XX0BFTHY8XK76EF4BSG5XVDF069FEBN4TCKW9GS7NKZH409GKAVHMQPA3T361MC6VM7J268V3GBH42R",
"master_sig": "CK7BGHKYVAT7DMVCN00DQ0761NCTJVESZT69049BCF3SKNJKVHXXEQ5X6FH2HFGHCJ18YA1MGHBD8RRG4W3G4KJWQJDY2CGPGTHDJ2G"
"master_sig": "HC47BZN3C0KJ2VPMJ5EJWD2FXJ72AET0NWFE6JGSGK5CXS4GSKJJ6Z7BTS56JWM7B40SD61Z5GYYMRRE3X9JTJBVMWE0X7XHNXQ9P38"
}

3
src/exchange-lib/test_exchange_api_home/.config/taler/x-taler-bank.json
View File

@ -1,5 +1,4 @@
{
"url": "payto://x-taler-bank/http://localhost:8082/2",
"salt": "WGRD0W7YKD8ZAN960B0JBRARRY0K5FQ4920Q3DJBTYH4GY7W0XNAX1F04R5B1E0RWH1NFG08TM8K1517WNCXTJM9KMH4913Q5XPK0N8",
"master_sig": "J4N0KP64MGNEQX9HST9TDWK67152MSHHM9CTZH8GSMKD607BXSAF209AQYDKYT6QJP0NQXYXC1JMM9Z405DJHGV75JFMWP4G6WB6A00"
"master_sig": "KQ0BWSCNVR7HGGSAMCYK8ZM30RBS1MHMXT3QBN01PZWC9TV72FEE5RJ7T84C8134EPV6WEBXXY2MTFNE8ZXST6JEJQKR8HX6FQPVY10"
}

4
src/exchange-lib/testing_api_cmd_deposit.c
View File

@ -330,8 +330,8 @@ deposit_run (void *cls,
dr.h_contract_terms = h_contract_terms;
GNUNET_assert
(GNUNET_OK ==
TALER_JSON_wire_signature_hash (ds->wire_details,
&dr.h_wire));
TALER_JSON_merchant_wire_signature_hash (ds->wire_details,
&dr.h_wire));
dr.timestamp = GNUNET_TIME_absolute_hton (timestamp);
dr.refund_deadline = GNUNET_TIME_absolute_hton
(refund_deadline);

16
src/exchange-lib/testing_api_cmd_track.c
View File

@ -328,8 +328,8 @@ track_transaction_run (void *cls,
/* Should not fail here, json has been parsed already */
GNUNET_assert
( (GNUNET_OK ==
TALER_JSON_wire_signature_hash (wire_details,
&h_wire_details)) &&
TALER_JSON_merchant_wire_signature_hash (wire_details,
&h_wire_details)) &&
(GNUNET_OK ==
TALER_JSON_hash (j_contract_terms,
&h_contract_terms)) );
@ -614,8 +614,10 @@ track_transfer_cb
return;
}
if (GNUNET_OK != TALER_TESTING_get_trait_wire_details
(wire_details_cmd, 0, &wire_details))
if (GNUNET_OK !=
TALER_TESTING_get_trait_wire_details (wire_details_cmd,
0,
&wire_details))
{
GNUNET_break (0);
TALER_TESTING_interpreter_fail (is);
@ -623,9 +625,9 @@ track_transfer_cb
}
GNUNET_assert
(GNUNET_OK == TALER_JSON_wire_signature_hash
(wire_details,
&h_wire_details));
(GNUNET_OK ==
TALER_JSON_merchant_wire_signature_hash (wire_details,
&h_wire_details));
if (0 != memcmp (&h_wire_details,
h_wire,

22
src/exchange-tools/taler-exchange-wire.c
View File

@ -59,6 +59,7 @@ sign_account_data (void *cls,
json_t *wire;
char *json_out;
FILE *out;
int ret;
if (GNUNET_NO == ai->credit_enabled)
return;
@ -70,8 +71,9 @@ sign_account_data (void *cls,
global_ret = 1;
return;
}
wire = TALER_JSON_wire_signature_make (ai->payto_url,
&master_priv);
wire = TALER_JSON_exchange_wire_signature_make (ai->payto_url,
&master_priv);
GNUNET_assert (NULL != wire);
json_out = json_dumps (wire,
JSON_INDENT(2));
json_decref (wire);
@ -98,10 +100,20 @@ sign_account_data (void *cls,
free (json_out);
return;
}
fprintf (out,
"%s",
json_out);
ret = fprintf (out,
"%s",
json_out);
fclose (out);
if ( (0 == fclose (out)) &&
(-1 != ret) )
fprintf (stdout,
"Created wire account file `%s'\n",
ai->wire_response_filename);
else
fprintf (stderr,
"Failure creating wire account file `%s': %s\n",
ai->wire_response_filename,
STRERROR (errno));
free (json_out);
}

4
src/exchange/taler-exchange-aggregator.c
View File

@ -705,8 +705,8 @@ deposit_cb (void *cls,
GNUNET_break (0);
return GNUNET_DB_STATUS_HARD_ERROR;
}
TALER_JSON_wire_signature_hash (wire,
&au->h_wire);
TALER_JSON_merchant_wire_signature_hash (wire,
&au->h_wire);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&au->wtid,
sizeof (au->wtid));

4
src/exchange/taler-exchange-httpd_deposit.c
View File

@ -457,8 +457,8 @@ TEH_DEPOSIT_handler_deposit (struct TEH_RequestHandler *rh,
"timestamp");
}
if (GNUNET_OK !=
TALER_JSON_wire_signature_hash (wire,
&my_h_wire))
TALER_JSON_merchant_wire_signature_hash (wire,
&my_h_wire))
{
TALER_LOG_WARNING ("Failed to parse JSON wire format specification for /deposit request\n");
GNUNET_JSON_parse_free (spec);

6
src/exchange/taler-exchange-httpd_keystate.c
View File

@ -1633,6 +1633,9 @@ TEH_KS_release_ (const char *location,
struct TEH_KS_StateHandle *key_state)
{
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"KS released at %s\n",
location);
ks_release (key_state);
GNUNET_assert (0 == pthread_mutex_unlock (&internal_key_state_mutex));
}
@ -1653,6 +1656,9 @@ TEH_KS_acquire_ (const char *location)
struct TEH_KS_StateHandle *key_state;
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
"KS acquired at %s\n",
location);
if ( (NULL != internal_key_state) &&
(internal_key_state->next_reload.abs_value_us <= now.abs_value_us) )
{

4
src/exchange/taler-exchange-httpd_validation.c
View File

@ -158,8 +158,8 @@ load_account (void *cls,
}
GNUNET_free (url);
if (GNUNET_OK !=
TALER_JSON_wire_signature_check (wire_s,
&TEH_master_public_key))
TALER_JSON_exchange_wire_signature_check (wire_s,
&TEH_master_public_key))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Invalid signature in `%s'\n",

4
src/exchange/test_taler_exchange_aggregator.c
View File

@ -447,8 +447,8 @@ do_deposit (struct Command *cmd)
GNUNET_free (str);
}
GNUNET_assert (GNUNET_OK ==
TALER_JSON_wire_signature_hash (deposit.receiver_wire_account,
&deposit.h_wire));
TALER_JSON_merchant_wire_signature_hash (deposit.receiver_wire_account,
&deposit.h_wire));
deposit.timestamp = GNUNET_TIME_absolute_get ();
GNUNET_TIME_round_abs (&deposit.timestamp);
deposit.wire_deadline = GNUNET_TIME_relative_to_absolute (cmd->details.deposit.wire_deadline);

12
src/exchangedb/test_exchangedb.c
View File

@ -904,8 +904,8 @@ deposit_cb (void *cls,
deposit_rowid = rowid;
if (NULL != wire)
GNUNET_assert (GNUNET_OK ==
TALER_JSON_wire_signature_hash (wire,
&h_wire));
TALER_JSON_merchant_wire_signature_hash (wire,
&h_wire));
if ( (0 != memcmp (merchant_pub,
&deposit->merchant_pub,
sizeof (struct TALER_MerchantPublicKeyP))) ||
@ -1438,8 +1438,8 @@ wire_missing_cb (void *cls,
if (NULL != wire)
GNUNET_assert (GNUNET_OK ==
TALER_JSON_wire_signature_hash (wire,
&h_wire));
TALER_JSON_merchant_wire_signature_hash (wire,
&h_wire));
else
memset (&h_wire,
0,
@ -1922,8 +1922,8 @@ run (void *cls)
RND_BLK (&deposit.merchant_pub);
RND_BLK (&deposit.h_contract_terms);
GNUNET_assert (GNUNET_OK ==
TALER_JSON_wire_signature_hash (wire,
&deposit.h_wire));
TALER_JSON_merchant_wire_signature_hash (wire,
&deposit.h_wire));
deposit.receiver_wire_account = wire;
deposit.amount_with_fee = value;
deposit.deposit_fee = fee_deposit;

70
src/include/taler_crypto_lib.h
View File

@ -733,6 +733,45 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
/* **************** /wire account offline signing **************** */
/**
* Compute the hash of the given wire details. The resulting
* hash is what is put into the contract.
*
* @param payto_url bank account
* @param hc[out] set to the hash
*/
void
TALER_exchange_wire_signature_hash (const char *payto_url,
struct GNUNET_HashCode *hc);
/**
* Check the signature in @a wire_s.
*
* @param payto_url URL that is signed
* @param master_pub master public key of the exchange
* @param master_sig signature of the exchange
* @return #GNUNET_OK if signature is valid
*/
int
TALER_exchange_wire_signature_check (const char *payto_url,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig);
/**
* Create a signed wire statement for the given account.
*
* @param payto_url account specification
* @param master_priv private key to sign with
* @param master_sig[out] where to write the signature
*/
void
TALER_exchange_wire_signature_make (const char *payto_url,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig);
/**
* Compute the hash of the given wire details. The resulting
* hash is what is put into the contract.
@ -742,24 +781,25 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
* @param hc[out] set to the hash
*/
void
TALER_wire_signature_hash (const char *payto_url,
const char *salt,
struct GNUNET_HashCode *hc);
TALER_merchant_wire_signature_hash (const char *payto_url,
const char *salt,
struct GNUNET_HashCode *hc);
/**
* Check the signature in @a wire_s.
*
* @param payto_url URL that is signed
* @param salt the salt used to salt the @a payto_url when hashing
* @param master_pub master public key of the exchange
* @param master_sig signature of the exchange
* @param merch_pub public key of the merchant
* @param merch_sig signature of the merchant
* @return #GNUNET_OK if signature is valid
*/
int
TALER_wire_signature_check (const char *payto_url,
const char *salt,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig);
TALER_merchant_wire_signature_check (const char *payto_url,
const char *salt,
const struct TALER_MerchantPublicKeyP *merch_pub,
const struct TALER_MerchantSignatureP *merch_sig);
/**
@ -767,14 +807,14 @@ TALER_wire_signature_check (const char *payto_url,
*
* @param payto_url account specification
* @param salt the salt used to salt the @a payto_url when hashing
* @param master_priv private key to sign with
* @param master_sig[out] where to write the signature
* @param merch_priv private key to sign with
* @param merch_sig[out] where to write the signature
*/
void
TALER_wire_signature_make (const char *payto_url,
const char *salt,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig);
TALER_merchant_wire_signature_make (const char *payto_url,
const char *salt,
const struct TALER_MerchantPrivateKeyP *merch_priv,
struct TALER_MerchantSignatureP *merch_sig);
#endif

5
src/include/taler_exchange_service.h
View File

@ -479,11 +479,6 @@ struct TALER_EXCHANGE_WireAccount
*/
const char *url;
/**
* Salt used to generate @e master_sig.
*/
const char *salt;
/**
* Signature of the exchange over the account (was checked by the API).
*/

26
src/include/taler_json_lib.h
View File

@ -137,8 +137,22 @@ TALER_JSON_get_error_code (const json_t *json);
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
*/
int
TALER_JSON_wire_signature_hash (const json_t *wire_s,
struct GNUNET_HashCode *hc);
TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s,
struct GNUNET_HashCode *hc);
/**
* Compute the hash of the given wire details. The resulting
* hash is what is signed by the master public key.
*
* @param wire_s wire details to hash
* @param hc[out] set to the hash
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
*/
int
TALER_JSON_exchange_wire_signature_hash (const json_t *wire_s,
struct GNUNET_HashCode *hc);
/**
* Check the signature in @a wire_s.
@ -148,8 +162,8 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
* @return #GNUNET_OK if signature is valid
*/
int
TALER_JSON_wire_signature_check (const json_t *wire_s,
const struct TALER_MasterPublicKeyP *master_pub);
TALER_JSON_exchange_wire_signature_check (const json_t *wire_s,
const struct TALER_MasterPublicKeyP *master_pub);
/**
@ -159,8 +173,8 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
* @param master_priv private key to sign with, NULL to not sign
*/
json_t *
TALER_JSON_wire_signature_make (const char *payto_url,
const struct TALER_MasterPrivateKeyP *master_priv);
TALER_JSON_exchange_wire_signature_make (const char *payto_url,
const struct TALER_MasterPrivateKeyP *master_priv);
/**

6
src/include/taler_signatures.h
View File

@ -178,6 +178,12 @@
*/
#define TALER_SIGNATURE_MERCHANT_PAY_SESSION 1106
/**
* Signature where the merchant confirms its own (salted)
* wire details (not yet really used).
*/
#define TALER_SIGNATURE_MERCHANT_WIRE_DETAILS 1107
/*********************/
/* Wallet signatures */

1
src/include/taler_wire_lib.h
View File

@ -46,6 +46,7 @@ struct TALER_WIRE_Plugin *
TALER_WIRE_plugin_load (const struct GNUNET_CONFIGURATION_Handle *cfg,
const char *plugin_name);
/**
* Unload a WIRE plugin.
*

92
src/json/json_wire.c
View File

@ -34,8 +34,40 @@
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
*/
int
TALER_JSON_wire_signature_hash (const json_t *wire_s,
struct GNUNET_HashCode *hc)
TALER_JSON_exchange_wire_signature_hash (const json_t *wire_s,
struct GNUNET_HashCode *hc)
{
const char *payto_url;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_string ("url", &payto_url),
GNUNET_JSON_spec_end ()
};
if (GNUNET_OK !=
GNUNET_JSON_parse (wire_s,
spec,
NULL, NULL))
{
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
TALER_exchange_wire_signature_hash (payto_url,
hc);
return GNUNET_OK;
}
/**
* Compute the hash of the given wire details. The resulting
* hash is what is put into the contract.
*
* @param wire_s wire details to hash
* @param hc[out] set to the hash
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
*/
int
TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s,
struct GNUNET_HashCode *hc)
{
const char *payto_url;
const char *salt;
@ -53,9 +85,9 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
TALER_wire_signature_hash (payto_url,
salt,
hc);
TALER_merchant_wire_signature_hash (payto_url,
salt,
hc);
return GNUNET_OK;
}
@ -68,15 +100,13 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
* @return #GNUNET_OK if signature is valid
*/
int
TALER_JSON_wire_signature_check (const json_t *wire_s,
const struct TALER_MasterPublicKeyP *master_pub)
TALER_JSON_exchange_wire_signature_check (const json_t *wire_s,
const struct TALER_MasterPublicKeyP *master_pub)
{
const char *payto_url;
const char *salt;
struct TALER_MasterSignatureP master_sig;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_string ("url", &payto_url),
GNUNET_JSON_spec_string ("salt", &salt),
GNUNET_JSON_spec_fixed_auto ("master_sig", &master_sig),
GNUNET_JSON_spec_end ()
};
@ -89,10 +119,9 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
return TALER_wire_signature_check (payto_url,
salt,
master_pub,
&master_sig);
return TALER_exchange_wire_signature_check (payto_url,
master_pub,
&master_sig);
}
@ -103,38 +132,17 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
* @param master_priv private key to sign with, NULL to not sign
*/
json_t *
TALER_JSON_wire_signature_make (const char *payto_url,
const struct TALER_MasterPrivateKeyP *master_priv)
TALER_JSON_exchange_wire_signature_make (const char *payto_url,
const struct TALER_MasterPrivateKeyP *master_priv)
{
struct TALER_MasterSignatureP master_sig;
struct GNUNET_HashCode salt;
char *salt_str;
json_t *ret;
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&salt,
sizeof (salt));
salt_str = GNUNET_STRINGS_data_to_string_alloc (&salt,
sizeof (salt));
if (NULL != master_priv)
{
TALER_wire_signature_make (payto_url,
salt_str,
master_priv,
&master_sig);
ret = json_pack ("{s:s, s:s, s:o}",
"url", payto_url,
"salt", salt_str,
"master_sig", GNUNET_JSON_from_data_auto (&master_sig));
}
else
{
ret = json_pack ("{s:s, s:s}",
"url", payto_url,
"salt", salt_str);
}
GNUNET_free (salt_str);
return ret;
TALER_exchange_wire_signature_make (payto_url,
master_priv,
&master_sig);
return json_pack ("{s:s, s:o}",
"url", payto_url,
"master_sig", GNUNET_JSON_from_data_auto (&master_sig));
}

122
src/util/crypto_wire.c
View File

@ -22,28 +22,25 @@
#include "taler_crypto_lib.h"
#include "taler_signatures.h"
/**
* Compute the hash of the given wire details. The resulting
* hash is what is put into the contract.
*
* @param payto_url bank account
* @param salt salt used to eliminate brute-force inversion
* @param hc[out] set to the hash
*/
void
TALER_wire_signature_hash (const char *payto_url,
const char *salt,
struct GNUNET_HashCode *hc)
TALER_exchange_wire_signature_hash (const char *payto_url,
struct GNUNET_HashCode *hc)
{
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_kdf (hc,
sizeof (*hc),
salt,
strlen (salt) + 1,
payto_url,
strlen (payto_url) + 1,
"wire-signature",
strlen ("wire-signature"),
"exchange-wire-signature",
strlen ("exchange-wire-signature"),
NULL, 0));
}
@ -52,24 +49,21 @@ TALER_wire_signature_hash (const char *payto_url,
* Check the signature in @a wire_s.
*
* @param payto_url URL that is signed
* @param salt the salt used to salt the @a payto_url when hashing
* @param master_pub master public key of the exchange
* @param master_sig signature of the exchange
* @return #GNUNET_OK if signature is valid
*/
int
TALER_wire_signature_check (const char *payto_url,
const char *salt,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig)
TALER_exchange_wire_signature_check (const char *payto_url,
const struct TALER_MasterPublicKeyP *master_pub,
const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterWireDetailsPS wd;
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
wd.purpose.size = htonl (sizeof (wd));
TALER_wire_signature_hash (payto_url,
salt,
&wd.h_wire_details);
TALER_exchange_wire_signature_hash (payto_url,
&wd.h_wire_details);
return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_DETAILS,
&wd.purpose,
&master_sig->eddsa_signature,
@ -81,23 +75,20 @@ TALER_wire_signature_check (const char *payto_url,
* Create a signed wire statement for the given account.
*
* @param payto_url account specification
* @param salt the salt used to salt the @a payto_url when hashing
* @param master_priv private key to sign with
* @param master_sig[out] where to write the signature
*/
void
TALER_wire_signature_make (const char *payto_url,
const char *salt,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig)
TALER_exchange_wire_signature_make (const char *payto_url,
const struct TALER_MasterPrivateKeyP *master_priv,
struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterWireDetailsPS wd;
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
wd.purpose.size = htonl (sizeof (wd));
TALER_wire_signature_hash (payto_url,
salt,
&wd.h_wire_details);
TALER_exchange_wire_signature_hash (payto_url,
&wd.h_wire_details);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&wd.purpose,
@ -105,4 +96,87 @@ TALER_wire_signature_make (const char *payto_url,
}
/**
* Compute the hash of the given wire details. The resulting
* hash is what is put into the contract.
*
* @param payto_url bank account
* @param salt salt used to eliminate brute-force inversion
* @param hc[out] set to the hash
*/
void
TALER_merchant_wire_signature_hash (const char *payto_url,
const char *salt,
struct GNUNET_HashCode *hc)
{
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_kdf (hc,
sizeof (*hc),
salt,
strlen (salt) + 1,
payto_url,
strlen (payto_url) + 1,
"merchant-wire-signature",
strlen ("merchant-wire-signature"),
NULL, 0));
}
/**
* Check the signature in @a merch_sig. (Not yet used anywhere.)
*
* @param payto_url URL that is signed
* @param salt the salt used to salt the @a payto_url when hashing
* @param merch_pub master public key of the merchant
* @param merch_sig signature of the merchant
* @return #GNUNET_OK if signature is valid
*/
int
TALER_merchant_wire_signature_check (const char *payto_url,
const char *salt,
const struct TALER_MerchantPublicKeyP *merch_pub,
const struct TALER_MerchantSignatureP *merch_sig)
{
struct TALER_MasterWireDetailsPS wd;
wd.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS);
wd.purpose.size = htonl (sizeof (wd));
TALER_merchant_wire_signature_hash (payto_url,
salt,
&wd.h_wire_details);
return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS,
&wd.purpose,
&merch_sig->eddsa_sig,
&merch_pub->eddsa_pub);
}
/**
* Create a signed wire statement for the given account. (Not yet used anywhere.)
*
* @param payto_url account specification
* @param salt the salt used to salt the @a payto_url when hashing
* @param merchant_priv private key to sign with
* @param merchant_sig[out] where to write the signature
*/
void
TALER_merchant_wire_signature_make (const char *payto_url,
const char *salt,
const struct TALER_MerchantPrivateKeyP *merch_priv,
struct TALER_MerchantSignatureP *merch_sig)
{
struct TALER_MasterWireDetailsPS wd;
wd.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS);
wd.purpose.size = htonl (sizeof (wd));
TALER_merchant_wire_signature_hash (payto_url,
salt,
&wd.h_wire_details);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&merch_priv->eddsa_priv,
&wd.purpose,
&merch_sig->eddsa_sig));
}
/* end of crypto_wire.c */