aboutsummaryrefslogtreecommitdiff
path: root/src/util
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2018-10-06 15:05:06 +0200
committerChristian Grothoff <christian@grothoff.org>2018-10-06 15:05:06 +0200
commita56e2e34bce77d41a6d3a2cbbcb89119b98ef750 (patch)
treef71989d1aa318d62d2e0e4acd94f6b6454329535 /src/util
parent81ce7abe190751da205bced8ca340e1cdc83e4f0 (diff)
fix #5434 (no more salt in exchange wire replies)
Diffstat (limited to 'src/util')
-rw-r--r--src/util/crypto_wire.c122
1 files changed, 98 insertions, 24 deletions
diff --git a/src/util/crypto_wire.c b/src/util/crypto_wire.c
index 494573ffa..ca6b9d216 100644
--- a/src/util/crypto_wire.c
+++ b/src/util/crypto_wire.c
@@ -22,28 +22,25 @@
#include "taler_crypto_lib.h"
#include "taler_signatures.h"
+
/**
* Compute the hash of the given wire details. The resulting
* hash is what is put into the contract.
*
* @param payto_url bank account
- * @param salt salt used to eliminate brute-force inversion
* @param hc[out] set to the hash
*/
void
-TALER_wire_signature_hash (const char *payto_url,
- const char *salt,
- struct GNUNET_HashCode *hc)
+TALER_exchange_wire_signature_hash (const char *payto_url,
+ struct GNUNET_HashCode *hc)
{
GNUNET_assert (GNUNET_YES ==
GNUNET_CRYPTO_kdf (hc,
sizeof (*hc),
- salt,
- strlen (salt) + 1,
payto_url,
strlen (payto_url) + 1,
- "wire-signature",
- strlen ("wire-signature"),
+ "exchange-wire-signature",
+ strlen ("exchange-wire-signature"),
NULL, 0));
}
@@ -52,24 +49,21 @@ TALER_wire_signature_hash (const char *payto_url,
* Check the signature in @a wire_s.
*
* @param payto_url URL that is signed
- * @param salt the salt used to salt the @a payto_url when hashing
* @param master_pub master public key of the exchange
* @param master_sig signature of the exchange
* @return #GNUNET_OK if signature is valid
*/
int
-TALER_wire_signature_check (const char *payto_url,
- const char *salt,
- const struct TALER_MasterPublicKeyP *master_pub,
- const struct TALER_MasterSignatureP *master_sig)
+TALER_exchange_wire_signature_check (const char *payto_url,
+ const struct TALER_MasterPublicKeyP *master_pub,
+ const struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterWireDetailsPS wd;
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
wd.purpose.size = htonl (sizeof (wd));
- TALER_wire_signature_hash (payto_url,
- salt,
- &wd.h_wire_details);
+ TALER_exchange_wire_signature_hash (payto_url,
+ &wd.h_wire_details);
return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MASTER_WIRE_DETAILS,
&wd.purpose,
&master_sig->eddsa_signature,
@@ -81,23 +75,20 @@ TALER_wire_signature_check (const char *payto_url,
* Create a signed wire statement for the given account.
*
* @param payto_url account specification
- * @param salt the salt used to salt the @a payto_url when hashing
* @param master_priv private key to sign with
* @param master_sig[out] where to write the signature
*/
void
-TALER_wire_signature_make (const char *payto_url,
- const char *salt,
- const struct TALER_MasterPrivateKeyP *master_priv,
- struct TALER_MasterSignatureP *master_sig)
+TALER_exchange_wire_signature_make (const char *payto_url,
+ const struct TALER_MasterPrivateKeyP *master_priv,
+ struct TALER_MasterSignatureP *master_sig)
{
struct TALER_MasterWireDetailsPS wd;
wd.purpose.purpose = htonl (TALER_SIGNATURE_MASTER_WIRE_DETAILS);
wd.purpose.size = htonl (sizeof (wd));
- TALER_wire_signature_hash (payto_url,
- salt,
- &wd.h_wire_details);
+ TALER_exchange_wire_signature_hash (payto_url,
+ &wd.h_wire_details);
GNUNET_assert (GNUNET_OK ==
GNUNET_CRYPTO_eddsa_sign (&master_priv->eddsa_priv,
&wd.purpose,
@@ -105,4 +96,87 @@ TALER_wire_signature_make (const char *payto_url,
}
+/**
+ * Compute the hash of the given wire details. The resulting
+ * hash is what is put into the contract.
+ *
+ * @param payto_url bank account
+ * @param salt salt used to eliminate brute-force inversion
+ * @param hc[out] set to the hash
+ */
+void
+TALER_merchant_wire_signature_hash (const char *payto_url,
+ const char *salt,
+ struct GNUNET_HashCode *hc)
+{
+ GNUNET_assert (GNUNET_YES ==
+ GNUNET_CRYPTO_kdf (hc,
+ sizeof (*hc),
+ salt,
+ strlen (salt) + 1,
+ payto_url,
+ strlen (payto_url) + 1,
+ "merchant-wire-signature",
+ strlen ("merchant-wire-signature"),
+ NULL, 0));
+}
+
+
+/**
+ * Check the signature in @a merch_sig. (Not yet used anywhere.)
+ *
+ * @param payto_url URL that is signed
+ * @param salt the salt used to salt the @a payto_url when hashing
+ * @param merch_pub master public key of the merchant
+ * @param merch_sig signature of the merchant
+ * @return #GNUNET_OK if signature is valid
+ */
+int
+TALER_merchant_wire_signature_check (const char *payto_url,
+ const char *salt,
+ const struct TALER_MerchantPublicKeyP *merch_pub,
+ const struct TALER_MerchantSignatureP *merch_sig)
+{
+ struct TALER_MasterWireDetailsPS wd;
+
+ wd.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS);
+ wd.purpose.size = htonl (sizeof (wd));
+ TALER_merchant_wire_signature_hash (payto_url,
+ salt,
+ &wd.h_wire_details);
+ return GNUNET_CRYPTO_eddsa_verify (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS,
+ &wd.purpose,
+ &merch_sig->eddsa_sig,
+ &merch_pub->eddsa_pub);
+}
+
+
+/**
+ * Create a signed wire statement for the given account. (Not yet used anywhere.)
+ *
+ * @param payto_url account specification
+ * @param salt the salt used to salt the @a payto_url when hashing
+ * @param merchant_priv private key to sign with
+ * @param merchant_sig[out] where to write the signature
+ */
+void
+TALER_merchant_wire_signature_make (const char *payto_url,
+ const char *salt,
+ const struct TALER_MerchantPrivateKeyP *merch_priv,
+ struct TALER_MerchantSignatureP *merch_sig)
+{
+ struct TALER_MasterWireDetailsPS wd;
+
+ wd.purpose.purpose = htonl (TALER_SIGNATURE_MERCHANT_WIRE_DETAILS);
+ wd.purpose.size = htonl (sizeof (wd));
+ TALER_merchant_wire_signature_hash (payto_url,
+ salt,
+ &wd.h_wire_details);
+ GNUNET_assert (GNUNET_OK ==
+ GNUNET_CRYPTO_eddsa_sign (&merch_priv->eddsa_priv,
+ &wd.purpose,
+ &merch_sig->eddsa_sig));
+}
+
+
/* end of crypto_wire.c */