move ID computation into libtalerutil

author: Christian Grothoff <christian@grothoff.org> 2024-06-04 14:59:22 +0200
committer: Christian Grothoff <christian@grothoff.org> 2024-07-29 12:18:42 +0200
commit: 76c96fad246393f205e4ad4fdc1abb98582a1849 (patch)
tree: 13ef27476346907f4b9b073fed09e68ae3d8570e
parent: 8d1e83097d360916c07552b7765339727760e2a8 (diff)
3 files changed, 65 insertions, 20 deletions
diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index f410605a5..4238479a4 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -1273,6 +1273,20 @@ struct TALER_AgeCommitmentHash
 };
 
 /**
+ * @brief KYC measure authorization hash.
+ * Hashes over the AccountAccessToken, the
+ * row ID and the offset. Used in the
+ * ID of /kyc-upload/ and /kyc-start/.
+ */
+struct TALER_KycMeasureAuthorizationHash
+{
+  /**
+   * The hash is a SHA-256 hash code.
+   */
+  struct GNUNET_ShortHashCode shash;
+};
+
+/**
  * @brief Signature of an age with the private key for the corresponding age group of an age commitment.
  */
 struct TALER_AgeAttestation
@@ -1796,6 +1810,24 @@ TALER_coin_pub_hash (const struct TALER_CoinSpendPublicKeyP *coin_pub,
 
 
 /**
+ * Hashes the @a access_token, @a row and @a offset
+ * to compute an authorization hash used in the
+ * /kyc-upload/ and /kyc-start/ endpoints.
+ *
+ * @param access_token the access token
+ * @param row the database row
+ * @param offset the offset of the measure in the array
+ * @param[out] mah set to the hash
+ */
+void
+TALER_kyc_measure_authorization_hash (
+  const struct TALER_AccountAccessTokenP *access_token,
+  uint64_t row,
+  uint32_t offset,
+  struct TALER_KycMeasureAuthorizationHash *mah);
+
+
+/**
  * Compute the hash of a payto URI.
  *
  * @param payto URI to hash
diff --git a/src/kyclogic/kyclogic_api.c b/src/kyclogic/kyclogic_api.c
index c4faead6c..19b02c899 100644
--- a/src/kyclogic/kyclogic_api.c
+++ b/src/kyclogic/kyclogic_api.c
@@ -2117,35 +2117,21 @@ TALER_KYCLOGIC_measure_to_requirement (
 {
   struct TALER_KYCLOGIC_KycCheck *kc;
   json_t *kri;
-  struct GNUNET_ShortHashCode shv;
-  uint64_t be = GNUNET_htonll (row_id);
-  uint32_t be32 = htonl ((uint32_t) offset);
+  struct TALER_KycMeasureAuthorizationHash shv;
   char *ids;
   char *xids;
 
-  GNUNET_assert (offset <= UINT_MAX);
-  GNUNET_assert (offset <= UINT32_MAX);
   kc = find_check (check_name);
   if (NULL == kc)
   {
     GNUNET_break (0);
     return NULL;
   }
-  /* FIXME: should be moved to someplace
-     in util/crypto as the $ID-handlers
-     need exactly the same computation! */
-  GNUNET_assert (
-    GNUNET_YES ==
-    GNUNET_CRYPTO_kdf (&shv,
-                       sizeof (shv),
-                       &be,
-                       sizeof (be),
-                       access_token,
-                       sizeof (*access_token),
-                       &be32,
-                       sizeof (be32),
-                       NULL,
-                       0));
+  GNUNET_assert (offset <= UINT32_MAX);
+  TALER_kyc_measure_authorization_hash (access_token,
+                                        row_id,
+                                        (uint32_t) offset,
+                                        &shv);
   switch (kc->type)
   {
   case TALER_KYCLOGIC_CT_INFO:
@@ -2157,6 +2143,7 @@ TALER_KYCLOGIC_measure_to_requirement (
       GNUNET_JSON_pack_object_incref ("description_i18n",
                                       (json_t *) kc->description_i18n));
   case TALER_KYCLOGIC_CT_FORM:
+    GNUNET_assert (offset <= UINT_MAX);
     ids = GNUNET_STRINGS_data_to_string_alloc (&shv,
                                                sizeof (shv));
     GNUNET_asprintf (&xids,
@@ -2177,6 +2164,7 @@ TALER_KYCLOGIC_measure_to_requirement (
     GNUNET_free (xids);
     return kri;
   case TALER_KYCLOGIC_CT_LINK:
+    GNUNET_assert (offset <= UINT_MAX);
     ids = GNUNET_STRINGS_data_to_string_alloc (&shv,
                                                sizeof (shv));
     GNUNET_asprintf (&xids,
diff --git a/src/util/crypto.c b/src/util/crypto.c
index 4735af3b0..be361ea31 100644
--- a/src/util/crypto.c
+++ b/src/util/crypto.c
@@ -541,4 +541,29 @@ TALER_denomination_group_get_key (
 }
 
 
+void
+TALER_kyc_measure_authorization_hash (
+  const struct TALER_AccountAccessTokenP *access_token,
+  uint64_t row,
+  uint32_t offset,
+  struct TALER_KycMeasureAuthorizationHash *mah)
+{
+  uint64_t be64 = GNUNET_htonll (row);
+  uint32_t be32 = htonl ((uint32_t) offset);
+
+  GNUNET_assert (
+    GNUNET_YES ==
+    GNUNET_CRYPTO_kdf (mah,
+                       sizeof (*mah),
+                       &be64,
+                       sizeof (be64),
+                       access_token,
+                       sizeof (*access_token),
+                       &be32,
+                       sizeof (be32),
+                       NULL,
+                       0));
+}
+
+
 /* end of crypto.c */
author	Christian Grothoff <christian@grothoff.org>	2024-06-04 14:59:22 +0200
committer	Christian Grothoff <christian@grothoff.org>	2024-07-29 12:18:42 +0200
commit	76c96fad246393f205e4ad4fdc1abb98582a1849 (patch)
tree	13ef27476346907f4b9b073fed09e68ae3d8570e
parent	8d1e83097d360916c07552b7765339727760e2a8 (diff)