From a72337a5f39b4e826055974fbc5a3261759ebbec Mon Sep 17 00:00:00 2001 From: Thien-Thi Nguyen Date: Thu, 21 Apr 2022 06:16:33 -0400 Subject: [PATCH] Add abstractions: TALER_exchange_deposit_{sign,verify} MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This change also removes ‘struct TALER_DepositTrackPS’ from the public API. * src/include/taler_signatures.h (struct TALER_DepositTrackPS): Delete. * src/util/exchange_signatures.c (struct TALER_DepositTrackPS): New. (TALER_exchange_deposit_sign): New func. (TALER_exchange_deposit_verify): New func. * src/include/taler_crypto_lib.h (TALER_exchange_deposit_sign): New func decl. (TALER_exchange_deposit_verify): New func decl. * src/exchange/taler-exchange-httpd_deposits_get.c (TEH_handler_deposits_get): Rework to use ‘TALER_exchange_deposit_verify’. * src/lib/exchange_api_deposits_get.c (TALER_EXCHANGE_deposits_get): Rework to use ‘taler_exchange_deposit_sign’. --- .../taler-exchange-httpd_deposits_get.c | 18 ++-- src/include/taler_crypto_lib.h | 40 +++++++++ src/include/taler_signatures.h | 36 -------- src/lib/exchange_api_deposits_get.c | 24 +++-- src/util/exchange_signatures.c | 87 +++++++++++++++++++ 5 files changed, 142 insertions(+), 63 deletions(-) diff --git a/src/exchange/taler-exchange-httpd_deposits_get.c b/src/exchange/taler-exchange-httpd_deposits_get.c index fdb1a606c..509b8a214 100644 --- a/src/exchange/taler-exchange-httpd_deposits_get.c +++ b/src/exchange/taler-exchange-httpd_deposits_get.c @@ -328,20 +328,12 @@ TEH_handler_deposits_get (struct TEH_RequestContext *rc, return MHD_YES; /* parse error */ TEH_METRICS_num_verifications[TEH_MT_SIGNATURE_EDDSA]++; { - struct TALER_DepositTrackPS tps = { - .purpose.size = htonl (sizeof (tps)), - .purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION), - .merchant = ctx.merchant, - .coin_pub = ctx.coin_pub, - .h_contract_terms = ctx.h_contract_terms, - .h_wire = ctx.h_wire - }; - if (GNUNET_OK != - GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION, - &tps, - &merchant_sig.eddsa_sig, - &tps.merchant.eddsa_pub)) + TALER_exchange_deposit_verify (&ctx.merchant, + &ctx.coin_pub, + &ctx.h_contract_terms, + &ctx.h_wire, + &merchant_sig)) { GNUNET_break_op (0); return TALER_MHD_reply_with_error (rc->connection, diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h index 1e4a278c1..2cf4c8f4b 100644 --- a/src/include/taler_crypto_lib.h +++ b/src/include/taler_crypto_lib.h @@ -3370,6 +3370,46 @@ TALER_merchant_refund_verify ( const struct TALER_MerchantSignatureP *merchant_sig); +/* ********************* exchange deposit signing ************************* */ + +/** + * Sign a deposit. + * + * @param h_contract_terms hash of contract terms + * @param h_wire hash of the merchant account details + * @param coin_pub coin to be deposited + * @param merchant_pub merchant public key + * @param merchant_priv private key to sign with + * @param[out] merchant_sig where to write the signature + */ +void +TALER_exchange_deposit_sign ( + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_MerchantPublicKeyP *merchant_pub, + const struct TALER_MerchantPrivateKeyP *merchant_priv, + struct TALER_MerchantSignatureP *merchant_sig); + +/** + * Verify a deposit. + * + * @param merchant merchant public key + * @param public key of the deposited coin + * @param h_contract_terms hash of contract terms + * @param h_wire hash of the merchant account details + * @param merchant_sig signature of the merchant + * @return #GNUNET_OK if the signature is valid + */ +enum GNUNET_GenericReturnValue +TALER_exchange_deposit_verify ( + const struct TALER_MerchantPublicKeyP *merchant, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_MerchantSignatureP *merchant_sig); + + /* ********************* exchange online signing ************************** */ diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h index 0137ff65e..81e74268f 100644 --- a/src/include/taler_signatures.h +++ b/src/include/taler_signatures.h @@ -386,42 +386,6 @@ GNUNET_NETWORK_STRUCT_BEGIN -/** - * @brief Format used to generate the signature on a request to obtain - * the wire transfer identifier associated with a deposit. - */ -struct TALER_DepositTrackPS -{ - /** - * Purpose must be #TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION. - */ - struct GNUNET_CRYPTO_EccSignaturePurpose purpose; - - /** - * Hash over the proposal data of the contract for which this deposit is made. - */ - struct TALER_PrivateContractHashP h_contract_terms GNUNET_PACKED; - - /** - * Hash over the wiring information of the merchant. - */ - struct TALER_MerchantWireHashP h_wire GNUNET_PACKED; - - /** - * The Merchant's public key. The deposit inquiry request is to be - * signed by the corresponding private key (using EdDSA). - */ - struct TALER_MerchantPublicKeyP merchant; - - /** - * The coin's public key. This is the value that must have been - * signed (blindly) by the Exchange. - */ - struct TALER_CoinSpendPublicKeyP coin_pub; - -}; - - GNUNET_NETWORK_STRUCT_END #endif diff --git a/src/lib/exchange_api_deposits_get.c b/src/lib/exchange_api_deposits_get.c index 32c60f1fc..6a212de35 100644 --- a/src/lib/exchange_api_deposits_get.c +++ b/src/lib/exchange_api_deposits_get.c @@ -301,7 +301,7 @@ TALER_EXCHANGE_deposits_get ( TALER_EXCHANGE_DepositGetCallback cb, void *cb_cls) { - struct TALER_DepositTrackPS dtp; + struct TALER_MerchantPublicKeyP merchant; struct TALER_MerchantSignatureP merchant_sig; struct TALER_EXCHANGE_DepositGetHandle *dwh; struct GNUNET_CURL_Context *ctx; @@ -318,18 +318,14 @@ TALER_EXCHANGE_deposits_get ( GNUNET_break (0); return NULL; } - // FIXME: move to helper! - dtp.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION); - dtp.purpose.size = htonl (sizeof (dtp)); - dtp.h_contract_terms = *h_contract_terms; - dtp.h_wire = *h_wire; GNUNET_CRYPTO_eddsa_key_get_public (&merchant_priv->eddsa_priv, - &dtp.merchant.eddsa_pub); - - dtp.coin_pub = *coin_pub; - GNUNET_CRYPTO_eddsa_sign (&merchant_priv->eddsa_priv, - &dtp, - &merchant_sig.eddsa_sig); + &merchant.eddsa_pub); + TALER_exchange_deposit_sign (h_contract_terms, + h_wire, + coin_pub, + &merchant, + merchant_priv, + &merchant_sig); { char cpub_str[sizeof (struct TALER_CoinSpendPublicKeyP) * 2]; char mpub_str[sizeof (struct TALER_MerchantPublicKeyP) * 2]; @@ -343,8 +339,8 @@ TALER_EXCHANGE_deposits_get ( whash_str, sizeof (whash_str)); *end = '\0'; - end = GNUNET_STRINGS_data_to_string (&dtp.merchant, - sizeof (dtp.merchant), + end = GNUNET_STRINGS_data_to_string (&merchant, + sizeof (merchant), mpub_str, sizeof (mpub_str)); *end = '\0'; diff --git a/src/util/exchange_signatures.c b/src/util/exchange_signatures.c index d6214ab3e..deacf32e5 100644 --- a/src/util/exchange_signatures.c +++ b/src/util/exchange_signatures.c @@ -23,6 +23,93 @@ #include "taler_signatures.h" +GNUNET_NETWORK_STRUCT_BEGIN + +/** + * @brief Format used to generate the signature on a request to obtain + * the wire transfer identifier associated with a deposit. + */ +struct TALER_DepositTrackPS +{ + /** + * Purpose must be #TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION. + */ + struct GNUNET_CRYPTO_EccSignaturePurpose purpose; + + /** + * Hash over the proposal data of the contract for which this deposit is made. + */ + struct TALER_PrivateContractHashP h_contract_terms GNUNET_PACKED; + + /** + * Hash over the wiring information of the merchant. + */ + struct TALER_MerchantWireHashP h_wire GNUNET_PACKED; + + /** + * The Merchant's public key. The deposit inquiry request is to be + * signed by the corresponding private key (using EdDSA). + */ + struct TALER_MerchantPublicKeyP merchant; + + /** + * The coin's public key. This is the value that must have been + * signed (blindly) by the Exchange. + */ + struct TALER_CoinSpendPublicKeyP coin_pub; + +}; + +GNUNET_NETWORK_STRUCT_END + + +void +TALER_exchange_deposit_sign ( + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_MerchantPublicKeyP *merchant_pub, + const struct TALER_MerchantPrivateKeyP *merchant_priv, + struct TALER_MerchantSignatureP *merchant_sig) +{ + struct TALER_DepositTrackPS dtp = { + .purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION), + .purpose.size = htonl (sizeof (dtp)), + .h_contract_terms = *h_contract_terms, + .h_wire = *h_wire, + .merchant = *merchant_pub, + .coin_pub = *coin_pub + }; + GNUNET_CRYPTO_eddsa_sign (&merchant_priv->eddsa_priv, + &dtp, + &merchant_sig->eddsa_sig); +} + +enum GNUNET_GenericReturnValue +TALER_exchange_deposit_verify ( + const struct TALER_MerchantPublicKeyP *merchant, + const struct TALER_CoinSpendPublicKeyP *coin_pub, + const struct TALER_PrivateContractHashP *h_contract_terms, + const struct TALER_MerchantWireHashP *h_wire, + const struct TALER_MerchantSignatureP *merchant_sig) +{ + struct TALER_DepositTrackPS tps = { + .purpose.size = htonl (sizeof (tps)), + .purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION), + .merchant = *merchant, + .coin_pub = *coin_pub, + .h_contract_terms = *h_contract_terms, + .h_wire = *h_wire + }; + + return + GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MERCHANT_TRACK_TRANSACTION, + &tps, + &merchant_sig->eddsa_sig, + &tps.merchant.eddsa_pub); +} + + GNUNET_NETWORK_STRUCT_BEGIN /**