-use different hash for RSA vs. Denomination hashing

2 files changed, 52 insertions, 27 deletions

diff --git a/src/include/taler_crypto_lib.h b/src/include/taler_crypto_lib.h
index 0a40282e1..ea53efb66 100644
--- a/src/include/taler_crypto_lib.h
+++ b/src/include/taler_crypto_lib.h
@@ -403,6 +403,31 @@ struct TALER_WireSalt
 
 
 /**
+ * Hash used to represent an RSA public key.  Does not include age
+ * restrictions and is ONLY for RSA.  Used ONLY for interactions with the RSA
+ * security module.
+ */
+struct TALER_RsaPubHashP
+{
+  /**
+   * Actual hash value.
+   */
+  struct GNUNET_HashCode hash;
+};
+
+
+/**
+ * Hash @a rsa.
+ *
+ * @param rsa key to hash
+ * @param[out] h_rsa where to write the result
+ */
+void
+TALER_rsa_pub_hash (const struct GNUNET_CRYPTO_RsaPublicKey *rsa,
+                    struct TALER_RsaPubHashP *h_rsa);
+
+
+/**
  * Hash used to represent a denomination public key
  * and associated age restrictions (if any).
  */
@@ -1318,7 +1343,7 @@ TALER_refresh_get_commitment (struct TALER_RefreshCommitmentP *rc,
 /**
  * Handle for talking to an Denomination key signing helper.
  */
-struct TALER_CRYPTO_DenominationHelper;
+struct TALER_CRYPTO_RsaDenominationHelper;
 
 /**
  * Function called with information about available keys for signing.  Usually
@@ -1332,19 +1357,19 @@ struct TALER_CRYPTO_DenominationHelper;
  *                 zero if the key has been revoked or purged
  * @param validity_duration how long does the key remain available for signing;
  *                 zero if the key has been revoked or purged
- * @param h_denom_pub hash of the @a denom_pub that is available (or was purged)
+ * @param h_rsa hash of the RSA @a denom_pub that is available (or was purged)
  * @param denom_pub the public key itself, NULL if the key was revoked or purged
  * @param sm_pub public key of the security module, NULL if the key was revoked or purged
  * @param sm_sig signature from the security module, NULL if the key was revoked or purged
  *               The signature was already verified against @a sm_pub.
  */
 typedef void
-(*TALER_CRYPTO_DenominationKeyStatusCallback)(
+(*TALER_CRYPTO_RsaDenominationKeyStatusCallback)(
   void *cls,
   const char *section_name,
   struct GNUNET_TIME_Absolute start_time,
   struct GNUNET_TIME_Relative validity_duration,
-  const struct TALER_DenominationHash *h_denom_pub,
+  const struct TALER_RsaPubHashP *h_rsa,
   const struct TALER_DenominationPublicKey *denom_pub,
   const struct TALER_SecurityModulePublicKeyP *sm_pub,
   const struct TALER_SecurityModuleSignatureP *sm_sig);
@@ -1358,10 +1383,10 @@ typedef void
  * @param dkc_cls closure for @a dkc
  * @return NULL on error (such as bad @a cfg).
  */
-struct TALER_CRYPTO_DenominationHelper *
-TALER_CRYPTO_helper_denom_connect (
+struct TALER_CRYPTO_RsaDenominationHelper *
+TALER_CRYPTO_helper_rsa_connect (
   const struct GNUNET_CONFIGURATION_Handle *cfg,
-  TALER_CRYPTO_DenominationKeyStatusCallback dkc,
+  TALER_CRYPTO_RsaDenominationKeyStatusCallback dkc,
   void *dkc_cls);
 
 
@@ -1375,7 +1400,7 @@ TALER_CRYPTO_helper_denom_connect (
  * @param dh helper process connection
  */
 void
-TALER_CRYPTO_helper_denom_poll (struct TALER_CRYPTO_DenominationHelper *dh);
+TALER_CRYPTO_helper_rsa_poll (struct TALER_CRYPTO_RsaDenominationHelper *dh);
 
 
 /**
@@ -1389,7 +1414,7 @@ TALER_CRYPTO_helper_denom_poll (struct TALER_CRYPTO_DenominationHelper *dh);
  * differences in the signature counters.  Retrying in this case may work.
  *
  * @param dh helper process connection
- * @param h_denom_pub hash of the public key to use to sign
+ * @param h_rsa hash of the RSA public key to use to sign
  * @param msg message to sign
  * @param msg_size number of bytes in @a msg
  * @param[out] ec set to the error code (or #TALER_EC_NONE on success)
@@ -1397,9 +1422,9 @@ TALER_CRYPTO_helper_denom_poll (struct TALER_CRYPTO_DenominationHelper *dh);
  *         see @a ec for details about the failure
  */
 struct TALER_BlindedDenominationSignature
-TALER_CRYPTO_helper_denom_sign (
-  struct TALER_CRYPTO_DenominationHelper *dh,
-  const struct TALER_DenominationHash *h_denom_pub,
+TALER_CRYPTO_helper_rsa_sign (
+  struct TALER_CRYPTO_RsaDenominationHelper *dh,
+  const struct TALER_RsaPubHashP *h_rsa,
   const void *msg,
   size_t msg_size,
   enum TALER_ErrorCode *ec);
@@ -1418,12 +1443,12 @@ TALER_CRYPTO_helper_denom_sign (
  * callback.
  *
  * @param dh helper to process connection
- * @param h_denom_pub hash of the public key to revoke
+ * @param h_rsa hash of the RSA public key to revoke
  */
 void
-TALER_CRYPTO_helper_denom_revoke (
-  struct TALER_CRYPTO_DenominationHelper *dh,
-  const struct TALER_DenominationHash *h_denom_pub);
+TALER_CRYPTO_helper_rsa_revoke (
+  struct TALER_CRYPTO_RsaDenominationHelper *dh,
+  const struct TALER_RsaPubHashP *h_rsa);
 
 
 /**
@@ -1432,8 +1457,8 @@ TALER_CRYPTO_helper_denom_revoke (
  * @param[in] dh connection to close
  */
 void
-TALER_CRYPTO_helper_denom_disconnect (
-  struct TALER_CRYPTO_DenominationHelper *dh);
+TALER_CRYPTO_helper_rsa_disconnect (
+  struct TALER_CRYPTO_RsaDenominationHelper *dh);
 
 
 /**
@@ -1990,7 +2015,7 @@ TALER_exchange_secmod_eddsa_verify (
 /**
  * Create security module denomination signature.
  *
- * @param h_denom_pub hash of the public key to sign
+ * @param h_rsa hash of the RSA public key to sign
  * @param section_name name of the section in the configuration
  * @param start_sign starting point of validity for signing
  * @param duration how long will the key be in use
@@ -1998,8 +2023,8 @@ TALER_exchange_secmod_eddsa_verify (
  * @param[out] secm_sig where to write the signature
  */
 void
-TALER_exchange_secmod_denom_sign (
-  const struct TALER_DenominationHash *h_denom_pub,
+TALER_exchange_secmod_rsa_sign (
+  const struct TALER_RsaPubHashP *h_rsa,
   const char *section_name,
   struct GNUNET_TIME_Absolute start_sign,
   struct GNUNET_TIME_Relative duration,
@@ -2010,7 +2035,7 @@ TALER_exchange_secmod_denom_sign (
 /**
  * Verify security module denomination signature.
  *
- * @param h_denom_pub hash of the public key to validate
+ * @param h_rsa hash of the public key to validate
  * @param section_name name of the section in the configuration
  * @param start_sign starting point of validity for signing
  * @param duration how long will the key be in use
@@ -2019,8 +2044,8 @@ TALER_exchange_secmod_denom_sign (
  * @return #GNUNET_OK if the signature is valid
  */
 enum GNUNET_GenericReturnValue
-TALER_exchange_secmod_denom_verify (
-  const struct TALER_DenominationHash *h_denom_pub,
+TALER_exchange_secmod_rsa_verify (
+  const struct TALER_RsaPubHashP *h_rsa,
   const char *section_name,
   struct GNUNET_TIME_Absolute start_sign,
   struct GNUNET_TIME_Relative duration,
diff --git a/src/include/taler_signatures.h b/src/include/taler_signatures.h
index 40755348d..991c56e65 100644
--- a/src/include/taler_signatures.h
+++ b/src/include/taler_signatures.h
@@ -271,7 +271,7 @@
 /**
  * Signature on a denomination key announcement.
  */
-#define TALER_SIGNATURE_SM_DENOMINATION_KEY 1250
+#define TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY 1250
 
 /**
  * Signature on an exchange message signing key announcement.
@@ -324,7 +324,7 @@ struct TALER_DenominationKeyAnnouncementPS
 {
 
   /**
-   * Purpose must be #TALER_SIGNATURE_SM_DENOMINATION_KEY.
+   * Purpose must be #TALER_SIGNATURE_SM_RSA_DENOMINATION_KEY.
    * Used with an EdDSA signature of a `struct TALER_SecurityModulePublicKeyP`.
    */
   struct GNUNET_CRYPTO_EccSignaturePurpose purpose;
@@ -332,7 +332,7 @@ struct TALER_DenominationKeyAnnouncementPS
   /**
    * Hash of the denomination public key.
    */
-  struct TALER_DenominationHash h_denom_pub;
+  struct TALER_RsaPubHashP h_rsa;
 
   /**
    * Hash of the section name in the configuration of this denomination.