aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2018-10-06 15:05:06 +0200
committerChristian Grothoff <christian@grothoff.org>2018-10-06 15:05:06 +0200
commita56e2e34bce77d41a6d3a2cbbcb89119b98ef750 (patch)
treef71989d1aa318d62d2e0e4acd94f6b6454329535
parent81ce7abe190751da205bced8ca340e1cdc83e4f0 (diff)
fix #5434 (no more salt in exchange wire replies)
-rw-r--r--src/auditor/taler-auditor.c12
-rw-r--r--src/exchange-lib/exchange_api_deposit.c4
-rw-r--r--src/exchange-lib/exchange_api_wire.c5
-rw-r--r--src/exchange-lib/test_exchange_api_home/.config/taler/account-2.json3
-rw-r--r--src/exchange-lib/test_exchange_api_home/.config/taler/x-taler-bank.json3
-rw-r--r--src/exchange-lib/testing_api_cmd_deposit.c4
-rw-r--r--src/exchange-lib/testing_api_cmd_track.c16
-rw-r--r--src/exchange-tools/taler-exchange-wire.c22
-rw-r--r--src/exchange/taler-exchange-aggregator.c4
-rw-r--r--src/exchange/taler-exchange-httpd_deposit.c4
-rw-r--r--src/exchange/taler-exchange-httpd_keystate.c6
-rw-r--r--src/exchange/taler-exchange-httpd_validation.c4
-rw-r--r--src/exchange/test_taler_exchange_aggregator.c4
-rw-r--r--src/exchangedb/test_exchangedb.c12
-rw-r--r--src/include/taler_crypto_lib.h68
-rw-r--r--src/include/taler_exchange_service.h5
-rw-r--r--src/include/taler_json_lib.h26
-rw-r--r--src/include/taler_signatures.h6
-rw-r--r--src/include/taler_wire_lib.h1
-rw-r--r--src/json/json_wire.c94
-rw-r--r--src/util/crypto_wire.c122
21 files changed, 290 insertions, 135 deletions
diff --git a/src/auditor/taler-auditor.c b/src/auditor/taler-auditor.c
index c32f46184..83f87ae0a 100644
--- a/src/auditor/taler-auditor.c
+++ b/src/auditor/taler-auditor.c
@@ -2095,8 +2095,8 @@ wire_transfer_information_cb (void *cls,
struct GNUNET_HashCode hw;
if (GNUNET_OK !=
- TALER_JSON_wire_signature_hash (account_details,
- &hw))
+ TALER_JSON_merchant_wire_signature_hash (account_details,
+ &hw))
{
wcc->qs = GNUNET_DB_STATUS_HARD_ERROR;
report_row_inconsistency ("aggregation",
@@ -2411,8 +2411,8 @@ check_wire_out_cb (void *cls,
TALER_amount_get_zero (amount->currency,
&wcc.total_deposits));
if (GNUNET_OK !=
- TALER_JSON_wire_signature_hash (wire,
- &wcc.h_wire))
+ TALER_JSON_merchant_wire_signature_hash (wire,
+ &wcc.h_wire))
{
GNUNET_break (0);
return GNUNET_SYSERR;
@@ -3430,8 +3430,8 @@ deposit_cb (void *cls,
dr.purpose.size = htonl (sizeof (dr));
dr.h_contract_terms = *h_contract_terms;
if (GNUNET_OK !=
- TALER_JSON_wire_signature_hash (receiver_wire_account,
- &dr.h_wire))
+ TALER_JSON_merchant_wire_signature_hash (receiver_wire_account,
+ &dr.h_wire))
{
GNUNET_break (0);
cc->qs = GNUNET_DB_STATUS_HARD_ERROR;
diff --git a/src/exchange-lib/exchange_api_deposit.c b/src/exchange-lib/exchange_api_deposit.c
index 53fd3c6e6..27711770a 100644
--- a/src/exchange-lib/exchange_api_deposit.c
+++ b/src/exchange-lib/exchange_api_deposit.c
@@ -416,8 +416,8 @@ TALER_EXCHANGE_deposit (struct TALER_EXCHANGE_Handle *exchange,
MAH_handle_is_ready (exchange));
/* initialize h_wire */
if (GNUNET_OK !=
- TALER_JSON_wire_signature_hash (wire_details,
- &h_wire))
+ TALER_JSON_merchant_wire_signature_hash (wire_details,
+ &h_wire))
{
GNUNET_break (0);
return NULL;
diff --git a/src/exchange-lib/exchange_api_wire.c b/src/exchange-lib/exchange_api_wire.c
index af7bbf3b8..f9ef10cda 100644
--- a/src/exchange-lib/exchange_api_wire.c
+++ b/src/exchange-lib/exchange_api_wire.c
@@ -272,7 +272,6 @@ handle_wire_finished (void *cls,
json_t *account;
struct GNUNET_JSON_Specification spec_account[] = {
GNUNET_JSON_spec_string ("url", &wa->url),
- GNUNET_JSON_spec_string ("salt", &wa->salt),
GNUNET_JSON_spec_fixed_auto ("master_sig", &wa->master_sig),
GNUNET_JSON_spec_end()
};
@@ -281,8 +280,8 @@ handle_wire_finished (void *cls,
account = json_array_get (accounts,
i);
if (GNUNET_OK !=
- TALER_JSON_wire_signature_check (account,
- &key_state->master_pub))
+ TALER_JSON_exchange_wire_signature_check (account,
+ &key_state->master_pub))
{
/* bogus reply */
GNUNET_break_op (0);
diff --git a/src/exchange-lib/test_exchange_api_home/.config/taler/account-2.json b/src/exchange-lib/test_exchange_api_home/.config/taler/account-2.json
index 85d80de56..159e03171 100644
--- a/src/exchange-lib/test_exchange_api_home/.config/taler/account-2.json
+++ b/src/exchange-lib/test_exchange_api_home/.config/taler/account-2.json
@@ -1,5 +1,4 @@
{
"url": "payto://x-taler-bank/localhost:8082/2",
- "salt": "TMXB995ZZVKA02AG4074X3C6XX0BFTHY8XK76EF4BSG5XVDF069FEBN4TCKW9GS7NKZH409GKAVHMQPA3T361MC6VM7J268V3GBH42R",
- "master_sig": "CK7BGHKYVAT7DMVCN00DQ0761NCTJVESZT69049BCF3SKNJKVHXXEQ5X6FH2HFGHCJ18YA1MGHBD8RRG4W3G4KJWQJDY2CGPGTHDJ2G"
+ "master_sig": "HC47BZN3C0KJ2VPMJ5EJWD2FXJ72AET0NWFE6JGSGK5CXS4GSKJJ6Z7BTS56JWM7B40SD61Z5GYYMRRE3X9JTJBVMWE0X7XHNXQ9P38"
} \ No newline at end of file
diff --git a/src/exchange-lib/test_exchange_api_home/.config/taler/x-taler-bank.json b/src/exchange-lib/test_exchange_api_home/.config/taler/x-taler-bank.json
index 9445f048e..a15df27ca 100644
--- a/src/exchange-lib/test_exchange_api_home/.config/taler/x-taler-bank.json
+++ b/src/exchange-lib/test_exchange_api_home/.config/taler/x-taler-bank.json
@@ -1,5 +1,4 @@
{
"url": "payto://x-taler-bank/http://localhost:8082/2",
- "salt": "WGRD0W7YKD8ZAN960B0JBRARRY0K5FQ4920Q3DJBTYH4GY7W0XNAX1F04R5B1E0RWH1NFG08TM8K1517WNCXTJM9KMH4913Q5XPK0N8",
- "master_sig": "J4N0KP64MGNEQX9HST9TDWK67152MSHHM9CTZH8GSMKD607BXSAF209AQYDKYT6QJP0NQXYXC1JMM9Z405DJHGV75JFMWP4G6WB6A00"
+ "master_sig": "KQ0BWSCNVR7HGGSAMCYK8ZM30RBS1MHMXT3QBN01PZWC9TV72FEE5RJ7T84C8134EPV6WEBXXY2MTFNE8ZXST6JEJQKR8HX6FQPVY10"
} \ No newline at end of file
diff --git a/src/exchange-lib/testing_api_cmd_deposit.c b/src/exchange-lib/testing_api_cmd_deposit.c
index ecace5654..604fa949b 100644
--- a/src/exchange-lib/testing_api_cmd_deposit.c
+++ b/src/exchange-lib/testing_api_cmd_deposit.c
@@ -330,8 +330,8 @@ deposit_run (void *cls,
dr.h_contract_terms = h_contract_terms;
GNUNET_assert
(GNUNET_OK ==
- TALER_JSON_wire_signature_hash (ds->wire_details,
- &dr.h_wire));
+ TALER_JSON_merchant_wire_signature_hash (ds->wire_details,
+ &dr.h_wire));
dr.timestamp = GNUNET_TIME_absolute_hton (timestamp);
dr.refund_deadline = GNUNET_TIME_absolute_hton
(refund_deadline);
diff --git a/src/exchange-lib/testing_api_cmd_track.c b/src/exchange-lib/testing_api_cmd_track.c
index 8ce9b7bc4..c7fbf4086 100644
--- a/src/exchange-lib/testing_api_cmd_track.c
+++ b/src/exchange-lib/testing_api_cmd_track.c
@@ -328,8 +328,8 @@ track_transaction_run (void *cls,
/* Should not fail here, json has been parsed already */
GNUNET_assert
( (GNUNET_OK ==
- TALER_JSON_wire_signature_hash (wire_details,
- &h_wire_details)) &&
+ TALER_JSON_merchant_wire_signature_hash (wire_details,
+ &h_wire_details)) &&
(GNUNET_OK ==
TALER_JSON_hash (j_contract_terms,
&h_contract_terms)) );
@@ -614,8 +614,10 @@ track_transfer_cb
return;
}
- if (GNUNET_OK != TALER_TESTING_get_trait_wire_details
- (wire_details_cmd, 0, &wire_details))
+ if (GNUNET_OK !=
+ TALER_TESTING_get_trait_wire_details (wire_details_cmd,
+ 0,
+ &wire_details))
{
GNUNET_break (0);
TALER_TESTING_interpreter_fail (is);
@@ -623,9 +625,9 @@ track_transfer_cb
}
GNUNET_assert
- (GNUNET_OK == TALER_JSON_wire_signature_hash
- (wire_details,
- &h_wire_details));
+ (GNUNET_OK ==
+ TALER_JSON_merchant_wire_signature_hash (wire_details,
+ &h_wire_details));
if (0 != memcmp (&h_wire_details,
h_wire,
diff --git a/src/exchange-tools/taler-exchange-wire.c b/src/exchange-tools/taler-exchange-wire.c
index 6daf3de27..c45a73afa 100644
--- a/src/exchange-tools/taler-exchange-wire.c
+++ b/src/exchange-tools/taler-exchange-wire.c
@@ -59,6 +59,7 @@ sign_account_data (void *cls,
json_t *wire;
char *json_out;
FILE *out;
+ int ret;
if (GNUNET_NO == ai->credit_enabled)
return;
@@ -70,8 +71,9 @@ sign_account_data (void *cls,
global_ret = 1;
return;
}
- wire = TALER_JSON_wire_signature_make (ai->payto_url,
- &master_priv);
+ wire = TALER_JSON_exchange_wire_signature_make (ai->payto_url,
+ &master_priv);
+ GNUNET_assert (NULL != wire);
json_out = json_dumps (wire,
JSON_INDENT(2));
json_decref (wire);
@@ -98,10 +100,20 @@ sign_account_data (void *cls,
free (json_out);
return;
}
- fprintf (out,
- "%s",
- json_out);
+ ret = fprintf (out,
+ "%s",
+ json_out);
fclose (out);
+ if ( (0 == fclose (out)) &&
+ (-1 != ret) )
+ fprintf (stdout,
+ "Created wire account file `%s'\n",
+ ai->wire_response_filename);
+ else
+ fprintf (stderr,
+ "Failure creating wire account file `%s': %s\n",
+ ai->wire_response_filename,
+ STRERROR (errno));
free (json_out);
}
diff --git a/src/exchange/taler-exchange-aggregator.c b/src/exchange/taler-exchange-aggregator.c
index 6d363692e..07b4dc474 100644
--- a/src/exchange/taler-exchange-aggregator.c
+++ b/src/exchange/taler-exchange-aggregator.c
@@ -705,8 +705,8 @@ deposit_cb (void *cls,
GNUNET_break (0);
return GNUNET_DB_STATUS_HARD_ERROR;
}
- TALER_JSON_wire_signature_hash (wire,
- &au->h_wire);
+ TALER_JSON_merchant_wire_signature_hash (wire,
+ &au->h_wire);
GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
&au->wtid,
sizeof (au->wtid));
diff --git a/src/exchange/taler-exchange-httpd_deposit.c b/src/exchange/taler-exchange-httpd_deposit.c
index 107456cad..52344d645 100644
--- a/src/exchange/taler-exchange-httpd_deposit.c
+++ b/src/exchange/taler-exchange-httpd_deposit.c
@@ -457,8 +457,8 @@ TEH_DEPOSIT_handler_deposit (struct TEH_RequestHandler *rh,
"timestamp");
}
if (GNUNET_OK !=
- TALER_JSON_wire_signature_hash (wire,
- &my_h_wire))
+ TALER_JSON_merchant_wire_signature_hash (wire,
+ &my_h_wire))
{
TALER_LOG_WARNING ("Failed to parse JSON wire format specification for /deposit request\n");
GNUNET_JSON_parse_free (spec);
diff --git a/src/exchange/taler-exchange-httpd_keystate.c b/src/exchange/taler-exchange-httpd_keystate.c
index ce2eafa71..8fbb2f85f 100644
--- a/src/exchange/taler-exchange-httpd_keystate.c
+++ b/src/exchange/taler-exchange-httpd_keystate.c
@@ -1633,6 +1633,9 @@ TEH_KS_release_ (const char *location,
struct TEH_KS_StateHandle *key_state)
{
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "KS released at %s\n",
+ location);
ks_release (key_state);
GNUNET_assert (0 == pthread_mutex_unlock (&internal_key_state_mutex));
}
@@ -1653,6 +1656,9 @@ TEH_KS_acquire_ (const char *location)
struct TEH_KS_StateHandle *key_state;
GNUNET_assert (0 == pthread_mutex_lock (&internal_key_state_mutex));
+ GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+ "KS acquired at %s\n",
+ location);
if ( (NULL != internal_key_state) &&
(internal_key_state->next_reload.abs_value_us <= now.abs_value_us) )
{
diff --git a/src/exchange/taler-exchange-httpd_validation.c b/src/exchange/taler-exchange-httpd_validation.c
index 7daa18aa7..aa97af2f2 100644
--- a/src/exchange/taler-exchange-httpd_validation.c
+++ b/src/exchange/taler-exchange-httpd_validation.c
@@ -158,8 +158,8 @@ load_account (void *cls,
}
GNUNET_free (url);
if (GNUNET_OK !=
- TALER_JSON_wire_signature_check (wire_s,
- &TEH_master_public_key))
+ TALER_JSON_exchange_wire_signature_check (wire_s,
+ &TEH_master_public_key))
{
GNUNET_log (GNUNET_ERROR_TYPE_ERROR,
"Invalid signature in `%s'\n",
diff --git a/src/exchange/test_taler_exchange_aggregator.c b/src/exchange/test_taler_exchange_aggregator.c
index 3f813f76f..0ba8152df 100644
--- a/src/exchange/test_taler_exchange_aggregator.c
+++ b/src/exchange/test_taler_exchange_aggregator.c
@@ -447,8 +447,8 @@ do_deposit (struct Command *cmd)
GNUNET_free (str);
}
GNUNET_assert (GNUNET_OK ==
- TALER_JSON_wire_signature_hash (deposit.receiver_wire_account,
- &deposit.h_wire));
+ TALER_JSON_merchant_wire_signature_hash (deposit.receiver_wire_account,
+ &deposit.h_wire));
deposit.timestamp = GNUNET_TIME_absolute_get ();
GNUNET_TIME_round_abs (&deposit.timestamp);
deposit.wire_deadline = GNUNET_TIME_relative_to_absolute (cmd->details.deposit.wire_deadline);
diff --git a/src/exchangedb/test_exchangedb.c b/src/exchangedb/test_exchangedb.c
index cad1ac700..1bae92510 100644
--- a/src/exchangedb/test_exchangedb.c
+++ b/src/exchangedb/test_exchangedb.c
@@ -904,8 +904,8 @@ deposit_cb (void *cls,
deposit_rowid = rowid;
if (NULL != wire)
GNUNET_assert (GNUNET_OK ==
- TALER_JSON_wire_signature_hash (wire,
- &h_wire));
+ TALER_JSON_merchant_wire_signature_hash (wire,
+ &h_wire));
if ( (0 != memcmp (merchant_pub,
&deposit->merchant_pub,
sizeof (struct TALER_MerchantPublicKeyP))) ||
@@ -1438,8 +1438,8 @@ wire_missing_cb (void *cls,
if (NULL != wire)
GNUNET_assert (GNUNET_OK ==
- TALER_JSON_wire_signature_hash (wire,
- &h_wire));
+ TALER_JSON_merchant_wire_signature_hash (wire,
+ &h_wire));
else
memset (&h_wire,
0,
@@ -1922,8 +1922,8 @@ run (void *cls)
RND_BLK (&deposit.merchant_pub);
RND_BLK (&deposit.h_contract_terms);
GNUNET_assert (GNUNET_OK ==
- TALER_JSON_wire_signature_hash (wire,
- &deposit.h_wire));
+ TALER_JSON_merchant_wire_signature_hash (wire,
+ &deposit.h_wire));
deposit.receiver_wire_account = wire;
deposit.amount_with_fee = value;
deposit.deposit_fee = fee_deposit;
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index b22c55ce3..f12516177 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -738,43 +738,83 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
* hash is what is put into the contract.
*
* @param payto_url bank account
- * @param salt salt used to eliminate brute-force inversion
* @param hc[out] set to the hash
*/
void
-TALER_wire_signature_hash (const char *payto_url,
- const char *salt,
- struct GNUNET_HashCode *hc);
+TALER_exchange_wire_signature_hash (const char *payto_url,
+ struct GNUNET_HashCode *hc);
+
/**
* Check the signature in @a wire_s.
*
* @param payto_url URL that is signed
- * @param salt the salt used to salt the @a payto_url when hashing
* @param master_pub master public key of the exchange
* @param master_sig signature of the exchange
* @return #GNUNET_OK if signature is valid
*/
int
-TALER_wire_signature_check (const char *payto_url,
- const char *salt,
- const struct TALER_MasterPublicKeyP *master_pub,
- const struct TALER_MasterSignatureP *master_sig);
+TALER_exchange_wire_signature_check (const char *payto_url,
+ const struct TALER_MasterPublicKeyP *master_pub,
+ const struct TALER_MasterSignatureP *master_sig);
/**
* Create a signed wire statement for the given account.
*
* @param payto_url account specification
- * @param salt the salt used to salt the @a payto_url when hashing
* @param master_priv private key to sign with
* @param master_sig[out] where to write the signature
*/
void
-TALER_wire_signature_make (const char *payto_url,
- const char *salt,
- const struct TALER_MasterPrivateKeyP *master_priv,
- struct TALER_MasterSignatureP *master_sig);
+TALER_exchange_wire_signature_make (const char *payto_url,
+ const struct TALER_MasterPrivateKeyP *master_priv,
+ struct TALER_MasterSignatureP *master_sig);
+
+
+/**
+ * Compute the hash of the given wire details. The resulting
+ * hash is what is put into the contract.
+ *
+ * @param payto_url bank account
+ * @param salt salt used to eliminate brute-force inversion
+ * @param hc[out] set to the hash
+ */
+void
+TALER_merchant_wire_signature_hash (const char *payto_url,
+ const char *salt,
+ struct GNUNET_HashCode *hc);
+
+
+/**
+ * Check the signature in @a wire_s.
+ *
+ * @param payto_url URL that is signed
+ * @param salt the salt used to salt the @a payto_url when hashing
+ * @param merch_pub public key of the merchant
+ * @param merch_sig signature of the merchant
+ * @return #GNUNET_OK if signature is valid
+ */
+int
+TALER_merchant_wire_signature_check (const char *payto_url,
+ const char *salt,
+ const struct TALER_MerchantPublicKeyP *merch_pub,
+ const struct TALER_MerchantSignatureP *merch_sig);
+
+
+/**
+ * Create a signed wire statement for the given account.
+ *
+ * @param payto_url account specification
+ * @param salt the salt used to salt the @a payto_url when hashing
+ * @param merch_priv private key to sign with
+ * @param merch_sig[out] where to write the signature
+ */
+void
+TALER_merchant_wire_signature_make (const char *payto_url,
+ const char *salt,
+ const struct TALER_MerchantPrivateKeyP *merch_priv,
+ struct TALER_MerchantSignatureP *merch_sig);
#endif
diff --git a/src/include/taler_exchange_service.h b/src/include/taler_exchange_service.h
index d48dd8629..a18672f5a 100644
--- a/src/include/taler_exchange_service.h
+++ b/src/include/taler_exchange_service.h
@@ -480,11 +480,6 @@ struct TALER_EXCHANGE_WireAccount
const char *url;
/**
- * Salt used to generate @e master_sig.
- */
- const char *salt;
-
- /**
* Signature of the exchange over the account (was checked by the API).
*/
struct TALER_MasterSignatureP master_sig;
diff --git a/src/include/taler_json_lib.h b/src/include/taler_json_lib.h
index 0504ddfb8..99a2c375c 100644
--- a/src/include/taler_json_lib.h
+++ b/src/include/taler_json_lib.h
@@ -137,8 +137,22 @@ TALER_JSON_get_error_code (const json_t *json);
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
*/
int
-TALER_JSON_wire_signature_hash (const json_t *wire_s,
- struct GNUNET_HashCode *hc);
+TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s,
+ struct GNUNET_HashCode *hc);
+
+
+/**
+ * Compute the hash of the given wire details. The resulting
+ * hash is what is signed by the master public key.
+ *
+ * @param wire_s wire details to hash
+ * @param hc[out] set to the hash
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
+ */
+int
+TALER_JSON_exchange_wire_signature_hash (const json_t *wire_s,
+ struct GNUNET_HashCode *hc);
+
/**
* Check the signature in @a wire_s.
@@ -148,8 +162,8 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
* @return #GNUNET_OK if signature is valid
*/
int
-TALER_JSON_wire_signature_check (const json_t *wire_s,
- const struct TALER_MasterPublicKeyP *master_pub);
+TALER_JSON_exchange_wire_signature_check (const json_t *wire_s,
+ const struct TALER_MasterPublicKeyP *master_pub);
/**
@@ -159,8 +173,8 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
* @param master_priv private key to sign with, NULL to not sign
*/
json_t *
-TALER_JSON_wire_signature_make (const char *payto_url,
- const struct TALER_MasterPrivateKeyP *master_priv);
+TALER_JSON_exchange_wire_signature_make (const char *payto_url,
+ const struct TALER_MasterPrivateKeyP *master_priv);
/**
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index f1148beb8..428fa96ec 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -178,6 +178,12 @@
*/
#define TALER_SIGNATURE_MERCHANT_PAY_SESSION 1106
+/**
+ * Signature where the merchant confirms its own (salted)
+ * wire details (not yet really used).
+ */
+#define TALER_SIGNATURE_MERCHANT_WIRE_DETAILS 1107
+
/*********************/
/* Wallet signatures */
diff --git a/src/include/taler_wire_lib.h b/src/include/taler_wire_lib.h
index 0cf38d6d1..b75c107b0 100644
--- a/src/include/taler_wire_lib.h
+++ b/src/include/taler_wire_lib.h
@@ -46,6 +46,7 @@ struct TALER_WIRE_Plugin *
TALER_WIRE_plugin_load (const struct GNUNET_CONFIGURATION_Handle *cfg,
const char *plugin_name);
+
/**
* Unload a WIRE plugin.
*
diff --git a/src/json/json_wire.c b/src/json/json_wire.c
index f0bd17578..d5f095f76 100644
--- a/src/json/json_wire.c
+++ b/src/json/json_wire.c
@@ -34,8 +34,40 @@
* @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
*/
int
-TALER_JSON_wire_signature_hash (const json_t *wire_s,
- struct GNUNET_HashCode *hc)
+TALER_JSON_exchange_wire_signature_hash (const json_t *wire_s,
+ struct GNUNET_HashCode *hc)
+{
+ const char *payto_url;
+ struct GNUNET_JSON_Specification spec[] = {
+ GNUNET_JSON_spec_string ("url", &payto_url),
+ GNUNET_JSON_spec_end ()
+ };
+
+ if (GNUNET_OK !=
+ GNUNET_JSON_parse (wire_s,
+ spec,
+ NULL, NULL))
+ {
+ GNUNET_break_op (0);
+ return GNUNET_SYSERR;
+ }
+ TALER_exchange_wire_signature_hash (payto_url,
+ hc);
+ return GNUNET_OK;
+}
+
+
+/**
+ * Compute the hash of the given wire details. The resulting
+ * hash is what is put into the contract.
+ *
+ * @param wire_s wire details to hash
+ * @param hc[out] set to the hash
+ * @return #GNUNET_OK on success, #GNUNET_SYSERR if @a wire_s is malformed
+ */
+int
+TALER_JSON_merchant_wire_signature_hash (const json_t *wire_s,
+ struct GNUNET_HashCode *hc)
{
const char *payto_url;
const char *salt;
@@ -53,9 +85,9 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
- TALER_wire_signature_hash (payto_url,
- salt,
- hc);
+ TALER_merchant_wire_signature_hash (payto_url,
+ salt,
+ hc);
return GNUNET_OK;
}
@@ -68,15 +100,13 @@ TALER_JSON_wire_signature_hash (const json_t *wire_s,
* @return #GNUNET_OK if signature is valid
*/
int
-TALER_JSON_wire_signature_check (const json_t *wire_s,
- const struct TALER_MasterPublicKeyP *master_pub)
+TALER_JSON_exchange_wire_signature_check (const json_t *wire_s,
+ const struct TALER_MasterPublicKeyP *master_pub)
{
const char *payto_url;
- const char *salt;
struct TALER_MasterSignatureP master_sig;
struct GNUNET_JSON_Specification spec[] = {
GNUNET_JSON_spec_string ("url", &payto_url),
- GNUNET_JSON_spec_string ("salt", &salt),
GNUNET_JSON_spec_fixed_auto ("master_sig", &master_sig),
GNUNET_JSON_spec_end ()
};
@@ -89,10 +119,9 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
GNUNET_break_op (0);
return GNUNET_SYSERR;
}
- return TALER_wire_signature_check (payto_url,
- salt,
- master_pub,
- &master_sig);
+ return TALER_exchange_wire_signature_check (payto_url,
+ master_pub,
+ &master_sig);
}
@@ -103,38 +132,17 @@ TALER_JSON_wire_signature_check (const json_t *wire_s,
* @param master_priv private key to sign with, NULL to not sign
*/
json_t *
-TALER_JSON_wire_signature_make (const char *payto_url,
- const struct TALER_MasterPrivateKeyP *master_priv)
+TALER_JSON_exchange_wire_signature_make (const char *payto_url,
+ const struct TALER_MasterPrivateKeyP *master_priv)
{
struct TALER_MasterSignatureP master_sig;
- struct GNUNET_HashCode salt;
- char *salt_str;
- json_t *ret;
-
- GNUNET_CRYPTO_random_block (GNUNET_CRYPTO_QUALITY_NONCE,
- &salt,
- sizeof (salt));
- salt_str = GNUNET_STRINGS_data_to_string_alloc (&salt,
- sizeof (salt));
- if (NULL != master_priv)
- {
- TALER_wire_signature_make (payto_url,
- salt_str,
- master_priv,
- &master_sig);
- ret = json_pack ("{s:s, s:s, s:o}",
- "url", payto_url,
- "salt", salt_str,
- "master_sig", GNUNET_JSON_from_data_auto (&master_sig));
- }
- else
- {
- ret = json_pack ("{s:s, s:s}",
- "url", payto_url,
- "salt", salt_str);
- }
- GNUNET_free (salt_str);
- return ret;
+
+ TALER_exchange_wire_signature_make (payto_url,
+ master_priv,
+ &master_sig);
+ return json_pack ("{s:s, s:o}",
+ "url", payto_url,
+ "master_sig", GNUNET_JSON_from_data_auto (&master_sig));
}
diff --git a/src/util/crypto_wire.c b/src/util/crypto_wire.c
index 494573ffa..ca6b9d216 100644
--- a/src/util/crypto_wire.c
+++ b/src/util/crypto_wire.c
@@ -22,28 +22,25 @@
#include "taler_crypto_lib.h"
#include "taler_signatures.h"
+
/**
* Compute the hash of the given wire details. The resulting
* hash is what is put into the contract.
*
* @param payto_url bank account
- * @param salt salt used to eliminate brute-force inversion
* @param hc[out] set to the hash
*/
void
-TALER_wire_signature_hash (const char *payto_url,
- const char *salt,
- struct GNUNET_HashCode *hc)
+TALER_exchange_wire_signature_hash (const char *payto_url,
+ struct GNUNET_HashCode *hc)
{
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_kdf (hc,
sizeof (*hc),
- salt,
- strlen (salt) + 1,
payto_url,
strlen (payto_url) + 1,
- "wire-signature",
- strlen ("wire-signature"),
+ "exchange-wire-signature",
+ strlen ("exchange-wire-signature"),
NULL, 0));
}
@@ -52,24 +49,21 @@ TALER_wire_signature_hash (const char *payto_url,
* Check the signature in @a wire_s.
*
* @param payto_url URL that is signed
- * @param salt the salt used to salt the @a payto_url when hashing
* @param master_pub master public key of the exchange
* @param master_sig signature of the exchange
* @return #GNUNET_OK if signature is valid
*/
int
-TALER_wire_signature_check (const char *payto_url,
- const char *salt,
- const struct TALER_MasterPublicKeyP *master_pub,
- const struct TALER_MasterSignatureP *master_sig)
+TALER_exchange_wire_signature_check (const char *payto_url,
+ const struct TALER_MasterPublicKeyP *master_pub,
+ const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterWireDetailsPS wd;
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
wd.purpose.size = htonl (sizeof (wd));
- TALER_wire_signature_hash (payto_url,
- salt,
- &wd.h_wire_details);
+ TALER_exchange_wire_signature_hash (payto_url,
+ &wd.h_wire_details);
return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_DETAILS,
&wd.purpose,
&master_sig->eddsa_signature,
@@ -81,23 +75,20 @@ TALER_wire_signature_check (const char *payto_url,
* Create a signed wire statement for the given account.
*
* @param payto_url account specification
- * @param salt the salt used to salt the @a payto_url when hashing
* @param master_priv private key to sign with
* @param master_sig[out] where to write the signature
*/
void
-TALER_wire_signature_make (const char *payto_url,
- const char *salt,
- const struct TALER_MasterPrivateKeyP *master_priv,
- struct TALER_MasterSignatureP *master_sig)
+TALER_exchange_wire_signature_make (const char *payto_url,
+ const struct TALER_MasterPrivateKeyP *master_priv,
+ struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterWireDetailsPS wd;
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
wd.purpose.size = htonl (sizeof (wd));
- TALER_wire_signature_hash (payto_url,
- salt,
- &wd.h_wire_details);
+ TALER_exchange_wire_signature_hash (payto_url,
+ &wd.h_wire_details);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&wd.purpose,
@@ -105,4 +96,87 @@ TALER_wire_signature_make (const char *payto_url,
}
+/**
+ * Compute the hash of the given wire details. The resulting
+ * hash is what is put into the contract.
+ *
+ * @param payto_url bank account
+ * @param salt salt used to eliminate brute-force inversion
+ * @param hc[out] set to the hash
+ */
+void
+TALER_merchant_wire_signature_hash (const char *payto_url,
+ const char *salt,
+ struct GNUNET_HashCode *hc)
+{
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (hc,
+ sizeof (*hc),
+ salt,
+ strlen (salt) + 1,
+ payto_url,
+ strlen (payto_url) + 1,
+ "merchant-wire-signature",
+ strlen ("merchant-wire-signature"),
+ NULL, 0));
+}
+
+
+/**
+ * Check the signature in @a merch_sig. (Not yet used anywhere.)
+ *
+ * @param payto_url URL that is signed
+ * @param salt the salt used to salt the @a payto_url when hashing
+ * @param merch_pub master public key of the merchant
+ * @param merch_sig signature of the merchant
+ * @return #GNUNET_OK if signature is valid
+ */
+int
+TALER_merchant_wire_signature_check (const char *payto_url,
+ const char *salt,
+ const struct TALER_MerchantPublicKeyP *merch_pub,
+ const struct TALER_MerchantSignatureP *merch_sig)
+{
+ struct TALER_MasterWireDetailsPS wd;
+
+ wd.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS);
+ wd.purpose.size = htonl (sizeof (wd));
+ TALER_merchant_wire_signature_hash (payto_url,
+ salt,
+ &wd.h_wire_details);
+ return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS,
+ &wd.purpose,
+ &merch_sig->eddsa_sig,
+ &merch_pub->eddsa_pub);
+}
+
+
+/**
+ * Create a signed wire statement for the given account. (Not yet used anywhere.)
+ *
+ * @param payto_url account specification
+ * @param salt the salt used to salt the @a payto_url when hashing
+ * @param merchant_priv private key to sign with
+ * @param merchant_sig[out] where to write the signature
+ */
+void
+TALER_merchant_wire_signature_make (const char *payto_url,
+ const char *salt,
+ const struct TALER_MerchantPrivateKeyP *merch_priv,
+ struct TALER_MerchantSignatureP *merch_sig)
+{
+ struct TALER_MasterWireDetailsPS wd;
+
+ wd.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS);
+ wd.purpose.size = htonl (sizeof (wd));
+ TALER_merchant_wire_signature_hash (payto_url,
+ salt,
+ &wd.h_wire_details);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_eddsa_sign (&merch_priv->eddsa_priv,
+ &wd.purpose,
+ &merch_sig->eddsa_sig));
+}
+
+
/* end of crypto_wire.c */