secmod cs signatures implementation

src/include/taler_crypto_lib.h

@@ -408,6 +408,20 @@ struct TALER_WireSalt
 };
 
 
+/**
+ * Hash used to represent an CS public key.  Does not include age
+ * restrictions and is ONLY for CS.  Used ONLY for interactions with the CS
+ * security module.
+ */
+struct TALER_CsPubHashP
+{
+  /**
+   * Actual hash value.
+   */
+  struct GNUNET_HashCode hash;
+};
+
+
 /**
  * Hash used to represent an RSA public key.  Does not include age
  * restrictions and is ONLY for RSA.  Used ONLY for interactions with the RSA
@@ -2448,6 +2462,47 @@ TALER_exchange_secmod_rsa_verify (
   const struct TALER_SecurityModuleSignatureP *secm_sig);
 
 
+/**
+ * Create security module denomination signature.
+ *
+ * @param h_cs hash of the CS public key to sign
+ * @param section_name name of the section in the configuration
+ * @param start_sign starting point of validity for signing
+ * @param duration how long will the key be in use
+ * @param secm_priv security module key to sign with
+ * @param[out] secm_sig where to write the signature
+ */
+void
+TALER_exchange_secmod_cs_sign (
+  const struct TALER_CsPubHashP *h_cs,
+  const char *section_name,
+  struct GNUNET_TIME_Timestamp start_sign,
+  struct GNUNET_TIME_Relative duration,
+  const struct TALER_SecurityModulePrivateKeyP *secm_priv,
+  struct TALER_SecurityModuleSignatureP *secm_sig);
+
+
+/**
+ * Verify security module denomination signature.
+ *
+ * @param h_cs hash of the public key to validate
+ * @param section_name name of the section in the configuration
+ * @param start_sign starting point of validity for signing
+ * @param duration how long will the key be in use
+ * @param secm_pub public key to verify against
+ * @param secm_sig the signature the signature
+ * @return #GNUNET_OK if the signature is valid
+ */
+enum GNUNET_GenericReturnValue
+TALER_exchange_secmod_cs_verify (
+  const struct TALER_CsPubHashP *h_cs,
+  const char *section_name,
+  struct GNUNET_TIME_Timestamp start_sign,
+  struct GNUNET_TIME_Relative duration,
+  const struct TALER_SecurityModulePublicKeyP *secm_pub,
+  const struct TALER_SecurityModuleSignatureP *secm_sig);
+
+
 /**
  * Create denomination key validity signature by the auditor.
  *

src/include/taler_signatures.h

@@ -287,6 +287,11 @@
  */
 #define TALER_SIGNATURE_SM_SIGNING_KEY 1251
 
+/**
+ * Signature on a denomination key announcement.
+ */
+#define TALER_SIGNATURE_SM_CS_DENOMINATION_KEY 1252
+
 /*******************/
 /* Test signatures */
 /*******************/
@@ -341,7 +346,7 @@ struct TALER_DenominationKeyAnnouncementPS
   /**
    * Hash of the denomination public key.
    */
-  struct TALER_RsaPubHashP h_rsa;
+  struct TALER_DenominationHash h_denom;
 
   /**
    * Hash of the section name in the configuration of this denomination.

src/util/secmod_signatures.c

@@ -81,7 +81,7 @@ TALER_exchange_secmod_rsa_sign (
   struct TALER_DenominationKeyAnnouncementPS dka = {
     .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
     .purpose.size = htonl (sizeof (dka)),
-    .h_rsa = *h_rsa,
+    .h_denom.hash = h_rsa->hash,
     .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
     .duration_withdraw = GNUNET_TIME_relative_hton (duration)
   };
@@ -108,7 +108,7 @@ TALER_exchange_secmod_rsa_verify (
   struct TALER_DenominationKeyAnnouncementPS dka = {
     .purpose.purpose = htonl (TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY),
     .purpose.size = htonl (sizeof (dka)),
-    .h_rsa = *h_rsa,
+    .h_denom.hash = h_rsa->hash,
     .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
     .duration_withdraw = GNUNET_TIME_relative_hton (duration)
   };
@@ -124,4 +124,59 @@ TALER_exchange_secmod_rsa_verify (
 }
 
 
+void
+TALER_exchange_secmod_cs_sign (
+  const struct TALER_CsPubHashP *h_cs,
+  const char *section_name,
+  struct GNUNET_TIME_Timestamp start_sign,
+  struct GNUNET_TIME_Relative duration,
+  const struct TALER_SecurityModulePrivateKeyP *secm_priv,
+  struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+  struct TALER_DenominationKeyAnnouncementPS dka = {
+    .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
+    .purpose.size = htonl (sizeof (dka)),
+    .h_denom.hash = h_cs->hash,
+    .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
+    .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+  };
+
+  GNUNET_CRYPTO_hash (section_name,
+                      strlen (section_name) + 1,
+                      &dka.h_section_name);
+  GNUNET_CRYPTO_eddsa_sign (&secm_priv->eddsa_priv,
+                            &dka,
+                            &secm_sig->eddsa_signature);
+
+}
+
+
+enum GNUNET_GenericReturnValue
+TALER_exchange_secmod_cs_verify (
+  const struct TALER_CsPubHashP *h_cs,
+  const char *section_name,
+  struct GNUNET_TIME_Timestamp start_sign,
+  struct GNUNET_TIME_Relative duration,
+  const struct TALER_SecurityModulePublicKeyP *secm_pub,
+  const struct TALER_SecurityModuleSignatureP *secm_sig)
+{
+  struct TALER_DenominationKeyAnnouncementPS dka = {
+    .purpose.purpose = htonl (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY),
+    .purpose.size = htonl (sizeof (dka)),
+    .h_denom.hash = h_cs->hash,
+    .anchor_time = GNUNET_TIME_timestamp_hton (start_sign),
+    .duration_withdraw = GNUNET_TIME_relative_hton (duration)
+  };
+
+  GNUNET_CRYPTO_hash (section_name,
+                      strlen (section_name) + 1,
+                      &dka.h_section_name);
+  return
+    GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_SM_CS_DENOMINATION_KEY,
+                                &dka,
+                                &secm_sig->eddsa_signature,
+                                &secm_pub->eddsa_pub);
+}
+
+
 /* end of secmod_signatures.c */