-introduce 'struct TALER_WireSalt'

2021-10-09 16:11:04 +02:00 · 2021-10-09 16:11:04 +02:00 · d8922f82e5
commit d8922f82e5
parent 676ccdc065
3 changed files with 52 additions and 17 deletions
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@ -359,6 +359,20 @@ struct TALER_ClaimTokenP
 };


+/**
+ * Salt used to hash a merchant's payto:// URI to
+ * compute the "h_wire" (say for deposit requests).
+ */
+struct TALER_WireSalt
+{
+  /**
+   * Actual salt value.
+   * FIXME: #7032: change to 16 byte value!
+   */
+  struct GNUNET_HashCode data;
+};
+
+
 GNUNET_NETWORK_STRUCT_END


@ -1658,7 +1672,7 @@ TALER_exchange_wire_signature_make (
 */
 void
 TALER_merchant_wire_signature_hash (const char *payto_uri,
-                                    const char *salt,
+                                    const struct TALER_WireSalt *salt,
                                    struct GNUNET_HashCode *hc);


@ -1674,7 +1688,7 @@ TALER_merchant_wire_signature_hash (const char *payto_uri,
 enum GNUNET_GenericReturnValue
 TALER_merchant_wire_signature_check (
  const char *payto_uri,
-  const char *salt,
+  const struct TALER_WireSalt *salt,
  const struct TALER_MerchantPublicKeyP *merch_pub,
  const struct TALER_MerchantSignatureP *merch_sig);

@ -1690,7 +1704,7 @@ TALER_merchant_wire_signature_check (
 void
 TALER_merchant_wire_signature_make (
  const char *payto_uri,
-  const char *salt,
+  const struct TALER_WireSalt *salt,
  const struct TALER_MerchantPrivateKeyP *merch_priv,
  struct TALER_MerchantSignatureP *merch_sig);

--- a/src/json/json_wire.c
+++ b/src/json/json_wire.c
@ -1,6 +1,6 @@
 /*
  This file is part of TALER
-  Copyright (C) 2018 Taler Systems SA
+  Copyright (C) 2018, 2021 Taler Systems SA

  TALER is free software; you can redistribute it and/or modify it under the
  terms of the GNU General Public License as published by the Free Software
@ -37,13 +37,12 @@ TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s,
                                         struct GNUNET_HashCode *hc)
 {
  const char *payto_uri;
-  const char *salt;
-  /* Current merchant backend will always make the salt
-     a `struct GNUNET_HashCode`, but *we* do not insist
-     on that. */
+  struct TALER_WireSalt salt;
  struct GNUNET_JSON_Specification spec[] = {
-    GNUNET_JSON_spec_string ("payto_uri", &payto_uri),
-    GNUNET_JSON_spec_string ("salt", &salt),
+    GNUNET_JSON_spec_string ("payto_uri",
+                             &payto_uri),
+    GNUNET_JSON_spec_fixed_auto ("salt",
+                                 &salt),
    GNUNET_JSON_spec_end ()
  };

@ -73,7 +72,7 @@ TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s,
    }
  }
  TALER_merchant_wire_signature_hash (payto_uri,
-                                      salt,
+                                      &salt,
                                      hc);
  return GNUNET_OK;
 }
@ -95,8 +94,10 @@ TALER_JSON_exchange_wire_signature_check (
  const char *payto_uri;
  struct TALER_MasterSignatureP master_sig;
  struct GNUNET_JSON_Specification spec[] = {
-    GNUNET_JSON_spec_string ("payto_uri", &payto_uri),
-    GNUNET_JSON_spec_fixed_auto ("master_sig", &master_sig),
+    GNUNET_JSON_spec_string ("payto_uri",
+                             &payto_uri),
+    GNUNET_JSON_spec_fixed_auto ("master_sig",
+                                 &master_sig),
    GNUNET_JSON_spec_end ()
  };

--- a/src/util/crypto_wire.c
+++ b/src/util/crypto_wire.c
@ -110,19 +110,39 @@ TALER_exchange_wire_signature_make (
 */
 void
 TALER_merchant_wire_signature_hash (const char *payto_uri,
-                                    const char *salt,
+                                    const struct TALER_WireSalt *salt,
                                    struct GNUNET_HashCode *hc)
 {
+#if FIXED_7032
+  /* new logic to use once #7032 is being addressed */
  GNUNET_assert (GNUNET_YES ==
                 GNUNET_CRYPTO_kdf (hc,
                                    sizeof (*hc),
                                    salt,
-                                    strlen (salt) + 1,
+                                    sizeof (*salt),
                                    payto_uri,
                                    strlen (payto_uri) + 1,
                                    "merchant-wire-signature",
                                    strlen ("merchant-wire-signature"),
                                    NULL, 0));
+#else
+  /* compatibility logic to avoid protocol breakage... */
+  char *sstr;
+
+  sstr = GNUNET_STRINGS_data_to_string_alloc (salt,
+                                              sizeof (*salt));
+  GNUNET_assert (GNUNET_YES ==
+                 GNUNET_CRYPTO_kdf (hc,
+                                    sizeof (*hc),
+                                    sstr,
+                                    strlen (sstr) + 1,
+                                    payto_uri,
+                                    strlen (payto_uri) + 1,
+                                    "merchant-wire-signature",
+                                    strlen ("merchant-wire-signature"),
+                                    NULL, 0));
+  GNUNET_free (sstr);
+#endif
 }


@ -146,7 +166,7 @@ TALER_merchant_wire_signature_hash (const char *payto_uri,
 enum GNUNET_GenericReturnValue
 TALER_merchant_wire_signature_check (
  const char *payto_uri,
-  const char *salt,
+  const struct TALER_WireSalt *salt,
  const struct TALER_MerchantPublicKeyP *merch_pub,
  const struct TALER_MerchantSignatureP *merch_sig)
 {
@ -176,7 +196,7 @@ TALER_merchant_wire_signature_check (
 void
 TALER_merchant_wire_signature_make (
  const char *payto_uri,
-  const char *salt,
+  const struct TALER_WireSalt *salt,
  const struct TALER_MerchantPrivateKeyP *merch_priv,
  struct TALER_MerchantSignatureP *merch_sig)
 {